CVE-2026-5853

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024

Description A security issue exists in Totolink A7100RU 7.4cu.2313 b20191024. The setIpv6LanCfg function within the /cgi-bin/cstecgi.cgi file of the CGI Handler component is susceptible to os command injection through manipulation of the addrPrefixLen argument. This manipulation can be performed remotely. The exploit has been publicly disclosed.

Recommendations Update to a newer version that contains a fix for this vulnerability.

Exploit

Fix

Command Injection

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-78

Related Identifiers

CVE-2026-5853

Affected Products

Totolink A7100Ru

CVE-2026-5853

Weakness Enumeration

Related Identifiers

Affected Products

References · 9