CVE-2026-5851
OS Command Injection in Totolink A7100RU CGI Handler Enables Remote Exploit
Publication date: 2026-04-09
Last updated on: 2026-04-09
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| totolink | a7100ru | 7.4cu.2313_b20191024 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable endpoint /cgi-bin/cstecgi.cgi by implementing firewall rules or access control lists to block unauthorized remote POST requests.
If possible, disable remote management features on the Totolink A7100RU router to prevent external exploitation.
Monitor the device for unusual command execution or network activity that may indicate exploitation attempts.
Apply any available firmware updates or patches from the vendor addressing this vulnerability once released.
Can you explain this vulnerability to me?
CVE-2026-5851 is a command injection vulnerability in the TOTOLINK A7100RU router, version 7.4cu.2313_b20191024. It exists in the CGI script cstecgi.cgi, specifically in the function that processes the "enable" parameter.
An attacker can send a specially crafted HTTP POST request with a malicious "enable" parameter that gets passed to a system command execution function without proper sanitization. This allows the attacker to execute arbitrary operating system commands remotely on the router.
For example, the attacker can inject commands like "wget" to download files or execute other harmful commands on the device, potentially compromising the entire system.
How can this vulnerability impact me? :
This vulnerability allows remote attackers to execute arbitrary operating system commands on the affected TOTOLINK A7100RU router.
The impact includes potential full system compromise, which can lead to unauthorized control over the device, interception or manipulation of network traffic, disruption of network services, and use of the device as a foothold for further attacks within the network.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious HTTP POST requests sent to the endpoint /cgi-bin/cstecgi.cgi that include a JSON payload with the "enable" parameter containing unusual or arbitrary OS commands.
A practical detection method is to capture and analyze network traffic for such POST requests targeting the vulnerable router.
For example, using a tool like curl, you can simulate or detect suspicious requests by checking for the presence of the "enable" parameter in POST data.
- curl -X POST http://<router-ip>/cgi-bin/cstecgi.cgi -d '{"enable":"<command>"}'
Additionally, network intrusion detection systems (NIDS) can be configured to alert on POST requests to /cgi-bin/cstecgi.cgi containing suspicious payloads.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows remote attackers to execute arbitrary operating system commands on the affected TOTOLINK A7100RU router, potentially leading to full system compromise.
Such a compromise could result in unauthorized access to sensitive data or disruption of services, which may violate data protection and security requirements outlined in standards like GDPR and HIPAA.
Therefore, if this device is used in environments subject to these regulations, the vulnerability could negatively impact compliance by exposing personal or protected health information to unauthorized parties.