CVE-2026-5853

CriticalRCEUpdated

Published: 09 April 2026

Published

09 April 2026

Modified

27 April 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0122 79.3th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-5853 is a critical-severity Command Injection (CWE-77) vulnerability in Totolink A7100RU (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 20.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-2 (Separation of System and User Functionality) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly validates the addrPrefixLen argument in the setIpv6LanCfg function to block OS command injection payloads.

SI-2 Flaw Remediation good match

prevent

Remediates the specific OS command injection flaw in the Totolink router's CGI handler through timely flaw remediation including firmware patching.

SC-2 Separation of System and User Functionality good match

prevent

Separates user-supplied addrPrefixLen input from system command execution in the CGI handler to prevent injection attacks.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1059.008 Network Device CLI Execution

Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious command and payloads.

attack.mitre.org →

Why these techniques?

CVE enables remote exploitation of public-facing web application (T1190) on router leading to arbitrary OS command execution via network device CLI (T1059.008).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument addrPrefixLen leads to os command injection. The attack…

may be performed from remote. The exploit has been disclosed publicly and may be used.

Deeper analysisAI

CVE-2026-5853 is an OS command injection vulnerability affecting the Totolink A7100RU router on firmware version 7.4cu.2313_b20191024. The flaw resides in the setIpv6LanCfg function within the /cgi-bin/cstecgi.cgi file of the CGI Handler component, where manipulation of the addrPrefixLen argument enables command injection.

Attackers can exploit this vulnerability remotely without authentication or user interaction, as reflected in its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Successful exploitation allows arbitrary OS command execution, granting high-impact control over confidentiality, integrity, and availability of the affected device.

Advisories detail the issue on VulDB (vuln/356379 and related pages) and a GitHub repository at Litengzheng/vuldb_new, which includes the publicly disclosed exploit. The vendor site at totolink.net is referenced, but specific patch or mitigation guidance is not outlined in the disclosure.

The exploit has been publicly released and is available for use, with the vulnerability mapped to CWE-77 (Command Injection) and CWE-78 (OS Command Injection). It was published on 2026-04-09.

Details

CWE(s): CWE-77 CWE-78

Affected Products

Totolink

A7100RU

inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-7244Shared CWE-77, CWE-78

CVE-2026-6156Shared CWE-77, CWE-78

CVE-2025-7407Shared CWE-77, CWE-78

CVE-2026-7123Shared CWE-77, CWE-78

CVE-2026-7124Shared CWE-77, CWE-78

CVE-2026-5355Shared CWE-77, CWE-78

CVE-2026-7538Shared CWE-77, CWE-78

CVE-2026-5997Shared CWE-77, CWE-78

CVE-2026-7153Shared CWE-77, CWE-78

CVE-2026-6138Shared CWE-77, CWE-78

References

https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_159/README.md
cna@vuldb.com
https://vuldb.com/submit/791274
cna@vuldb.com
https://vuldb.com/vuln/356379
cna@vuldb.com
https://vuldb.com/vuln/356379/cti
cna@vuldb.com
https://www.totolink.net/
cna@vuldb.com