CVE-2026-5978

Critical

Published: 09 April 2026

Published

09 April 2026

Modified

27 April 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0125 79.5th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument mode leads to os command injection. The attack can be initiated…

remotely. The exploit has been disclosed publicly and may be used.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly prevents OS command injection by requiring validation of the manipulable 'mode' argument in the setWiFiAclRules CGI function.

SI-2 Flaw Remediation good match

prevent

Mandates timely identification, reporting, and correction of the specific command injection flaw in Totolink A7100RU firmware.

SC-7 Boundary Protection good match

prevent

Enforces boundary protection to monitor and control remote network access to the vulnerable /cgi-bin/cstecgi.cgi endpoint, blocking unauthenticated exploitation.

Security SummaryAI

CVE-2026-5978 is an OS command injection vulnerability (CWE-77, CWE-78) in the Totolink A7100RU router running firmware version 7.4cu.2313_b20191024. The flaw resides in the setWiFiAclRules function within the /cgi-bin/cstecgi.cgi file of the CGI Handler component, where the 'mode' argument can be manipulated to inject arbitrary operating system commands. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for complete system compromise.

The vulnerability is exploitable remotely by unauthenticated attackers with network access to the device, requiring no privileges, low complexity, or user interaction. Successful exploitation allows attackers to execute arbitrary OS commands, potentially achieving full control over the router, including data exfiltration, modification of configurations, denial of service, or pivoting to other network assets.

References, including a GitHub repository with a disclosed exploit proof-of-concept and VulDB entries, confirm the issue's public disclosure without specifying vendor patches. Security practitioners should check the Totolink website for firmware updates and apply network segmentation or access controls to exposed devices in the interim.

The exploit has been publicly released, increasing the likelihood of real-world attacks against unpatched Totolink A7100RU routers.

Details

CWE(s): CWE-77 CWE-78

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1059.008 Network Device CLI Execution

Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious command and payloads.

attack.mitre.org →

Why these techniques?

The vulnerability is a command injection in a public-facing CGI interface on a router, directly enabling exploitation of public-facing applications (T1190) and arbitrary OS command execution via network device CLI (T1059.008).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_164/README.md
cna@vuldb.com
https://vuldb.com/submit/791825
cna@vuldb.com
https://vuldb.com/vuln/356532
cna@vuldb.com
https://vuldb.com/vuln/356532/cti
cna@vuldb.com
https://www.totolink.net/
cna@vuldb.com