CVE-2026-5692 — Command Injection in A7100ru

CWE-77 — Command Injection CWE-78 — OS Command Injection3 documents3 sources

Severity

6.9MEDIUMNVD

EPSS

4.9%

top 10.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Totolink A7100ru

Timeline

PublishedApr 7

Description

A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be performed from remote. The exploit has been made public and could be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages1 packages

▶CVEListV5totolink/a7100ru7.4cu.2313_b20191024

🔴Vulnerability Details

GHSA

GHSA-x663-j3pw-658j: A vulnerability was found in Totolink A7100RU 7↗2026-04-07

▶

CVEList

Totolink A7100RU cstecgi.cgi setGameSpeedCfg os command injection↗2026-04-06

▶