CVE-2026-5851
Received Received - Intake
OS Command Injection in Totolink A7100RU CGI Handler Enables Remote Exploit

Publication date: 2026-04-09

Last updated on: 2026-04-09

Assigner: VulDB

Description
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-09
Last Modified
2026-04-09
Generated
2026-06-16
AI Q&A
2026-04-09
EPSS Evaluated
2026-06-15
NVD
CVE-2026-5851
EUVD
EUVD-2026-20864
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
totolink a7100ru 7.4cu.2313_b20191024
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable endpoint /cgi-bin/cstecgi.cgi by implementing firewall rules or access control lists to block unauthorized remote POST requests.

If possible, disable remote management features on the Totolink A7100RU router to prevent external exploitation.

Monitor the device for unusual command execution or network activity that may indicate exploitation attempts.

Apply any available firmware updates or patches from the vendor addressing this vulnerability once released.

Executive Summary

CVE-2026-5851 is a command injection vulnerability in the TOTOLINK A7100RU router, version 7.4cu.2313_b20191024. It exists in the CGI script cstecgi.cgi, specifically in the function that processes the "enable" parameter.

An attacker can send a specially crafted HTTP POST request with a malicious "enable" parameter that gets passed to a system command execution function without proper sanitization. This allows the attacker to execute arbitrary operating system commands remotely on the router.

For example, the attacker can inject commands like "wget" to download files or execute other harmful commands on the device, potentially compromising the entire system.

Impact Analysis

This vulnerability allows remote attackers to execute arbitrary operating system commands on the affected TOTOLINK A7100RU router.

The impact includes potential full system compromise, which can lead to unauthorized control over the device, interception or manipulation of network traffic, disruption of network services, and use of the device as a foothold for further attacks within the network.

Detection Guidance

This vulnerability can be detected by monitoring for suspicious HTTP POST requests sent to the endpoint /cgi-bin/cstecgi.cgi that include a JSON payload with the "enable" parameter containing unusual or arbitrary OS commands.

A practical detection method is to capture and analyze network traffic for such POST requests targeting the vulnerable router.

For example, using a tool like curl, you can simulate or detect suspicious requests by checking for the presence of the "enable" parameter in POST data.

  • curl -X POST http://<router-ip>/cgi-bin/cstecgi.cgi -d '{"enable":"<command>"}'

Additionally, network intrusion detection systems (NIDS) can be configured to alert on POST requests to /cgi-bin/cstecgi.cgi containing suspicious payloads.

Compliance Impact

The vulnerability allows remote attackers to execute arbitrary operating system commands on the affected TOTOLINK A7100RU router, potentially leading to full system compromise.

Such a compromise could result in unauthorized access to sensitive data or disruption of services, which may violate data protection and security requirements outlined in standards like GDPR and HIPAA.

Therefore, if this device is used in environments subject to these regulations, the vulnerability could negatively impact compliance by exposing personal or protected health information to unauthorized parties.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5851. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart