🔒 CVE-2026-5851: CRITICAL OS command injection in Totolink A7100RU (7.4cu.2313_b20191024). Remote, unauthenticated RCE possible via /cgi-bin/cstecgi.cgi. Exploit public, no patch. Isolate device and check for updates! https://radar.offseq.com/threat/cve-2026-5851-os-command-injection-in-totolink-a71-cec71662 #OffSeq #CVE20265851 #IoTSec