CVE-2026-5978
Published: 09 April 2026
Summary
CVE-2026-5978 is a critical-severity Command Injection (CWE-77) vulnerability in Totolink A7100RU (inferred from references). Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 20.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents OS command injection by requiring validation of the manipulable 'mode' argument in the setWiFiAclRules CGI function.
Mandates timely identification, reporting, and correction of the specific command injection flaw in Totolink A7100RU firmware.
Enforces boundary protection to monitor and control remote network access to the vulnerable /cgi-bin/cstecgi.cgi endpoint, blocking unauthenticated exploitation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is a command injection in a public-facing CGI interface on a router, directly enabling exploitation of public-facing applications (T1190) and arbitrary OS command execution via network device CLI (T1059.008).
NVD Description
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument mode leads to os command injection. The attack can be initiated…
more
remotely. The exploit has been disclosed publicly and may be used.
Deeper analysisAI
CVE-2026-5978 is an OS command injection vulnerability (CWE-77, CWE-78) in the Totolink A7100RU router running firmware version 7.4cu.2313_b20191024. The flaw resides in the setWiFiAclRules function within the /cgi-bin/cstecgi.cgi file of the CGI Handler component, where the 'mode' argument can be manipulated to inject arbitrary operating system commands. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for complete system compromise.
The vulnerability is exploitable remotely by unauthenticated attackers with network access to the device, requiring no privileges, low complexity, or user interaction. Successful exploitation allows attackers to execute arbitrary OS commands, potentially achieving full control over the router, including data exfiltration, modification of configurations, denial of service, or pivoting to other network assets.
References, including a GitHub repository with a disclosed exploit proof-of-concept and VulDB entries, confirm the issue's public disclosure without specifying vendor patches. Security practitioners should check the Totolink website for firmware updates and apply network segmentation or access controls to exposed devices in the interim.
The exploit has been publicly released, increasing the likelihood of real-world attacks against unpatched Totolink A7100RU routers.
Details
- CWE(s)