Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.9
CVE-2026-9388: Totolink A8000RU Web Interface Command Injection Risk
CVE-2026-9388
Summary
The Totolink A8000RU's web interface has a security flaw that allows an attacker to inject malicious commands, potentially allowing them to access and control the router remotely. This could lead to unauthorized changes to the router's settings or even a complete takeover of the device. Users should consider updating their router's firmware to the latest version to protect against this vulnerability.
Original title
A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interfac...
Original description
A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument mode can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
nvd CVSS2.0
10.0
nvd CVSS3.1
9.8
nvd CVSS4.0
8.9
Vulnerability type
CWE-77
Command Injection
CWE-78
OS Command Injection
Published: 24 May 2026 · Updated: 31 May 2026 · First seen: 26 May 2026