8.9
Totolink A7100RU Router Allows Unauthenticated Password Changes
CVE-2026-5997
Summary
A flaw in the Totolink A7100RU router's password management system can allow an attacker to change administrator passwords without authenticating, which could give the attacker control of the router. To protect your network, update your router's software to the latest version.
Original title
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The ma...
Original description
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument admpass results in os command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.
NVD CVSS 2.0: 10.0
NVD CVSS 3.1: 9.8
NVD CVSS 4.0: 8.9
Vulnerability type
CWE-77: Command Injection
CWE-78: OS Command Injection
Published: 10 Apr 2026 · Updated: 10 Apr 2026 · First seen: 10 Apr 2026