Vulnerability Key Information Summary 1. Vulnerability Overview Vulnerability Name: TOTOLINK A7100RU /CGI-BIN/CSTECGI.CGI SETFIREWALLTYPE FIREWALLTYPE OS COMMAND INJECTION Vulnerability Type: OS Command Injection CVE ID: CVE-2026-5691 CVSS Score: 6.6 (Critical) Vulnerability Description: A critical vulnerability has been discovered in the firmware of the Totolink A7100RU router. An attacker can manipulate the parameter within the file to trigger an OS command injection. This vulnerability allows remote attackers to execute arbitrary system commands without authentication, impacting the confidentiality, integrity, and availability of the system. 2. Scope of Impact Affected Product: Totolink A7100RU Affected Version: 7.4CU.2313_B20191024 Affected Component: function within the file Attack Conditions: Remote attack, No Authentication required 3. Remediation The provided screenshot does not contain specific remediation code, but technical details and a public exploit are known. It is recommended to refer to the relevant advisory available at github.com for firmware upgrades or patches. 4. POC/Exploit Code The provided screenshot does not include a specific POC code block, only mentioning that "an exploit is available."