Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.9
Totolink A7100RU Router - Remote Command Injection via CGI Handler
CVE-2026-5996
Summary
A security flaw in the Totolink A7100RU router's CGI Handler allows an attacker to execute arbitrary system commands over the internet. This could potentially allow an attacker to gain control of the router or disrupt its operation. To protect yourself, consider updating to a newer firmware version or configuring the router to block access to the CGI Handler.
Original title
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI H...
Original description
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument tty_server leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
nvd CVSS2.0
10.0
nvd CVSS3.1
9.8
nvd CVSS4.0
8.9
Vulnerability type
CWE-77
Command Injection
CWE-78
OS Command Injection
Published: 10 Apr 2026 · Updated: 10 Apr 2026 · First seen: 10 Apr 2026