Cyber Posture

CVE-2026-2167

Medium · Public PoC

Published: 08 February 2026

Modified: 11 February 2026
KEV Added
Patch
CVSS Score: 6.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0053 (67.5th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Description

A vulnerability was detected in Totolink WA300 5.2cu.7112_B20190227. The impacted element is the function setAPNetwork of the file /cgi-bin/cstecgi.cgi. Manipulation of the argument Ipaddr results in OS command injection. The attack may be performed remotely. The exploit is now public and may be used.

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

Directly prevents OS command injection by requiring validation and sanitization of the Ipaddr argument in the setAPNetwork function of /cgi-bin/cstecgi.cgi.

prevent

Addresses the vulnerability through timely identification, reporting, and correction of the command injection flaw in Totolink WA300 firmware version 5.2cu.7112_B20190227.

detect

Enables detection of the publicly disclosed CVE-2026-2167 through regular vulnerability scanning of the router's web interface and firmware.

Security Summary [AI]

CVE-2026-2167 is an OS command injection vulnerability (CWE-77, CWE-78) in the Totolink WA300 router firmware version 5.2cu.7112_B20190227. The flaw affects the setAPNetwork function in the /cgi-bin/cstecgi.cgi file, where manipulation of the Ipaddr argument enables command injection.

The vulnerability is remotely exploitable over the network with low attack complexity and requires low privileges (CVSS:3.1 score of 6.3; AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). An attacker with authenticated access can inject and execute arbitrary OS commands, potentially achieving limited impacts on confidentiality, integrity, and availability.

Advisories and further details are documented in references including VulDB entries (vuldb.com/?ctiid.344869, vuldb.com/?id.344869, vuldb.com/?submit.752063), a GitHub issue (github.com/master-abc/cve/issues/36), and the vendor site (totolink.net). A public exploit is available and may be used in attacks.

Details

CWE(s)

Affected Products

totolink
wa300 firmware
5.2cu.7112_b20190227

MITRE ATT&CK Enterprise Techniques [AI]

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.008 · Network Device CLI · Execution
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious commands and payloads.
Why these techniques?

OS command injection in the router's web CGI enables exploitation of a public-facing application (T1190) and abuse of the network device's command interpreter (T1059.008).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References