Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.9
CVE-2026-9385: Totolink A8000RU Web Interface Traceroute Settings Misuse
CVE-2026-9385
Summary
A vulnerability in the Totolink A8000RU's web interface allows an attacker to inject malicious commands, potentially giving them control over the device. This could lead to unauthorized changes or disruption of the device's operation. Update the device's software to the latest version to fix this issue.
Original title
A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. ...
Original description
A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument command causes os command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
nvd CVSS2.0
10.0
nvd CVSS3.1
9.8
nvd CVSS4.0
8.9
Vulnerability type
CWE-77
Command Injection
CWE-78
OS Command Injection
Published: 24 May 2026 · Updated: 31 May 2026 · First seen: 26 May 2026