CVE-2026-2167 – This CVE describes a remote command injection v... (How to Fix)

Q: What is the severity of CVE-2026-2167?

CVE-2026-2167 has a CVSS score of 6.3 (MEDIUM). This CVE describes a remote command injection vulnerability in Totolink WA300 routers. Attackers can execute arbitrary operating system commands by manipulating the Ipaddr parameter in the setAPNetwork function. All users of affected Totolink WA300 router versions are vulnerable to remote exploitation.

📋 TL;DR

This CVE describes a remote command injection vulnerability in Totolink WA300 routers. Attackers can execute arbitrary operating system commands by manipulating the Ipaddr parameter in the setAPNetwork function. All users of affected Totolink WA300 router versions are vulnerable to remote exploitation.

💻 Affected Systems

Products:

Totolink WA300 router

Versions: 5.2cu.7112_B20190227 (specific version mentioned, likely affects similar versions)

Operating Systems: Embedded Linux (router firmware)

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerability exists in the default web management interface accessible on port 80/443. No special configuration required for exploitation.

📦 What is this software?

Wa300 Firmware by Totolink

View all CVEs affecting Wa300 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full router compromise allowing attacker to install persistent backdoors, intercept all network traffic, pivot to internal networks, and brick the device.

🟠

Likely Case

Router takeover leading to network traffic interception, DNS hijacking, credential theft, and lateral movement to connected devices.

🟢

If Mitigated

Limited impact if device is behind strict firewall rules, but still vulnerable to internal attackers or if perimeter controls fail.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication, making internet-facing devices immediate targets.

🏢 Internal Only: MEDIUM - Internal attackers can exploit this, but requires network access to the router's management interface.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit code exists on GitHub. The vulnerability requires no authentication and has simple exploitation vectors.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.totolink.net/

Restart Required: Yes

Instructions:

1. Check Totolink website for firmware updates. 2. Download latest firmware for WA300 model. 3. Access router admin interface. 4. Navigate to firmware upgrade section. 5. Upload new firmware file. 6. Wait for reboot and verify version.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router management interface

Access router admin > Advanced > Remote Management > Disable

Network Segmentation

all

Isolate router management interface to separate VLAN

🧯 If You Can't Patch

Implement strict firewall rules blocking all external access to router management ports (80, 443, 8080)
Deploy network-based intrusion prevention system (IPS) with command injection detection rules

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version matches 5.2cu.7112_B20190227 or similar, assume vulnerable.

Check Version:

curl -s http://router-ip/cgi-bin/cstecgi.cgi | grep version OR check web admin interface

Verify Fix Applied:

Verify firmware version has been updated to a version after the vulnerable release. Test management interface for command injection attempts.

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /cgi-bin/cstecgi.cgi with shell metacharacters in parameters
Multiple failed login attempts followed by successful command execution patterns

Network Indicators:

HTTP requests containing shell commands (;, |, &, $, etc.) in URL parameters
Unusual outbound connections from router to external IPs

SIEM Query:

source="router_logs" AND uri="/cgi-bin/cstecgi.cgi" AND (param="Ipaddr" AND value MATCHES "[;&|`$()]+")

📊 Metadata

CVE ID: CVE-2026-2167

CVSS v3 Score: 6.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-77

EPSS Score: 2.16% exploit probability (84th percentile)

Published: February 8, 2026

Last Updated: February 11, 2026

🔗 References

https://github.com/master-abc/cve/issues/36 Exploit,Issue Tracking,Third Party Advisory
https://vuldb.com/?ctiid.344869 Permissions Required,VDB Entry
https://vuldb.com/?id.344869 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.752063 Third Party Advisory,VDB Entry
https://www.totolink.net/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-2167, you might also want to check these: