PT-2026-31738 · Totolink · Totolink A7100Ru

Ltzhuster2

Published

2026-04-09

Updated

2026-04-19

CVE-2026-5977

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024

Description A weakness exists in Totolink A7100RU version 7.4cu.2313 b20191024. The setWiFiBasicCfg function within the /cgi-bin/cstecgi.cgi file of the CGI Handler component is affected. Manipulation of the wifiOff argument can lead to OS command injection, allowing for remote attacks. The exploit has been made publicly available.

Recommendations For Totolink A7100RU version 7.4cu.2313 b20191024, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

CVE-2026-5977

Affected Products

Totolink A7100Ru

PT-2026-31738 · Totolink · Totolink A7100Ru

CVE-2026-5977

Weakness Enumeration

Related Identifiers

Affected Products

References · 11