Cyber Posture

CVE-2026-5996

Critical

Published: 10 April 2026

Modified: 27 April 2026
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0125 (79.5th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument tty_server leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Directly requires validation of the tty_server argument in the setAdvancedInfoShow CGI function to block OS command injection exploits.

prevent

Mandates timely identification, reporting, and correction of the specific flaw in /cgi-bin/cstecgi.cgi to remediate CVE-2026-5996.

prevent

Enforces approved authorizations preventing unauthenticated remote access to the vulnerable CGI handler component.

Security Summary · AI

CVE-2026-5996 is an OS command injection vulnerability affecting the Totolink A7100RU router on firmware version 7.4cu.2313_b20191024. The flaw exists in the setAdvancedInfoShow function of the /cgi-bin/cstecgi.cgi file within the CGI Handler component, where manipulation of the tty_server argument enables command injection. Published on 2026-04-10, it is associated with CWE-77 and CWE-78.

Remote attackers can exploit this vulnerability without authentication, privileges, or user interaction, as indicated by its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Successful exploitation allows high-impact compromise of confidentiality, integrity, and availability, potentially enabling full control over the device. The exploit has been publicly disclosed and may be used.

Advisories and additional details are documented in references such as a GitHub repository containing exploit information at https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_168/README.md, VulDB submission and vulnerability pages at https://vuldb.com/submit/792044, https://vuldb.com/vuln/356550, and https://vuldb.com/vuln/356550/cti, along with the vendor site at https://www.totolink.net/.

Details

CWE(s)

MITRE ATT&CK Enterprise Techniques · AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

Unauthenticated remote OS command injection via public-facing router web CGI enables exploitation of public-facing application (T1190) and Unix shell command execution (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References