CVE-2026-5977

Critical

Published: 09 April 2026

Published

09 April 2026

Modified

27 April 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0125 79.5th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wifiOff can lead to os command injection. It is possible to…

launch the attack remotely. The exploit has been made available to the public and could be used for attacks.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly requires identification, reporting, and correction of the OS command injection flaw in the Totolink router's CGI handler.

SI-10 Information Input Validation good match

prevent

Implements input validation at the CGI interface to prevent command injection via the untrusted wifiOff argument.

AC-3 Access Enforcement good match

prevent

Enforces access authorizations to block unauthorized remote access to the vulnerable setWiFiBasicCfg function.

Security SummaryAI

CVE-2026-5977 is an OS command injection vulnerability in the Totolink A7100RU router running firmware version 7.4cu.2313_b20191024. The issue affects the setWiFiBasicCfg function in the /cgi-bin/cstecgi.cgi file of the CGI Handler component, where manipulation of the wifiOff argument triggers command injection, as classified under CWE-77 and CWE-78.

The vulnerability enables remote exploitation with no required privileges or user interaction, reflected in its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Attackers can achieve high-impact compromise, including arbitrary command execution on the device, potentially granting full control over the router.

Advisories referenced on VulDB (vuln/356531 and related pages) document the flaw and its remote exploitability, while a GitHub repository provides a public proof-of-concept exploit. The Totolink manufacturer website is also listed among references, though specific patch details are not detailed in the available information.

The exploit's public availability heightens the risk of widespread attacks against unpatched Totolink A7100RU devices.

Details

CWE(s): CWE-77 CWE-78

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1059.008 Network Device CLI Execution

Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious command and payloads.

attack.mitre.org →

Why these techniques?

The vulnerability is a remotely exploitable OS command injection in a public-facing web CGI interface on a router (T1190), directly enabling arbitrary command execution via network device CLI (T1059.008).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_163/README.md
cna@vuldb.com
https://vuldb.com/submit/791823
cna@vuldb.com
https://vuldb.com/vuln/356531
cna@vuldb.com
https://vuldb.com/vuln/356531/cti
cna@vuldb.com
https://www.totolink.net/
cna@vuldb.com