CVE-2026-5978

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024

Description A security issue exists in the Totolink A7100RU version 7.4cu.2313 b20191024. The setWiFiAclRules function within the /cgi-bin/cstecgi.cgi file, part of the CGI Handler component, is susceptible to OS command injection. The mode argument can be manipulated to achieve this. The attack can be initiated remotely and an exploit has been publicly disclosed.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the /cgi-bin/cstecgi.cgi file.