Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.9
CVE-2026-9386: Totolink A8000RU Web Management Interface Language Setting Vulnerability
CVE-2026-9386
Summary
A hacker can remotely inject malicious commands into the Totolink A8000RU router's web management interface by manipulating the language setting. This could allow an attacker to take control of the router or disrupt its functionality. To protect yourself, update the router's software to the latest version.
Original title
A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such mani...
Original description
A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument lang leads to os command injection. The attack may be performed from remote. The exploit is publicly available and might be used.
nvd CVSS2.0
10.0
nvd CVSS3.1
9.8
nvd CVSS4.0
8.9
Vulnerability type
CWE-77
Command Injection
CWE-78
OS Command Injection
Published: 24 May 2026 · Updated: 31 May 2026 · First seen: 26 May 2026