CVE-2026-9406
Totolink A8000RU Web Management cstecgi.cgi setRemoteCfg os command injection
Vexday Risk Score
48Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS 9.3EPSS 1.7%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Ciclo de vida
24 may 2026Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Productos afectados
Totolink · A8000RUPoCs públicas encontradas — 1
cve_referencegithub.com/Litengzheng/vuldb_new2/blob/main/A8000RU/vul_338/README.mdno verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.