Totolink A7100RU 7.4cu.2313 OS Command Injection via cstecgi.cgi
CVE-2026-5854 Published on April 9, 2026
Totolink A7100RU CGI cstecgi.cgi setWiFiEasyCfg os command injection
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument merge results in os command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Types
What is a Shell injection Vulnerability?
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CVE-2026-5854 has been classified to as a Shell injection vulnerability or weakness.
What is a Command Injection Vulnerability?
The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CVE-2026-5854 has been classified to as a Command Injection vulnerability or weakness.
Products Associated with CVE-2026-5854
Want to know whenever a new CVE is published for Totolink A7100ru Firmware? stack.watch will email you.
