
CVE-2026-9387: Totolink A8000RU Web Management Interface Allows Remote Code Execution

Summary

A security flaw in the Totolink A8000RU's web management interface could allow an attacker to take control of the router remotely. This is a serious issue because an attacker could use it to change settings, access sensitive information, or even use the router to attack other devices on the network. To protect your network, update your Totolink A8000RU router to the latest available firmware as soon as possible.

Original description
A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument resetFlags results in OS command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
NVD CVSS 2.0: 10.0
NVD CVSS 3.1: 9.8
NVD CVSS 4.0: 8.9
Vulnerability type
CWE-77 Command Injection
CWE-78 OS Command Injection
Published: 24 May 2026 · Updated: 31 May 2026 · First seen: 26 May 2026