CVE-2026-9407: Totolink A8000RU: Remote Code Execution via Web Interface
Summary
A security flaw in the Totolink A8000RU's web management interface allows a remote attacker to run operating system commands on the device. This could let an attacker take control of the device or use it to launch further attacks. Update the device's software as soon as possible to fix the issue.
Original title
A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function setFirewallType of the file /cgi-bin/cstecgi.cgi of the component ...
Original description
A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function setFirewallType of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument firewallType leads to OS command injection. The attack can be carried out remotely. The exploit has been disclosed publicly and may be used.
nvd CVSS2.0: 10.0
nvd CVSS3.1: 9.8
nvd CVSS4.0: 8.9
Vulnerability type
CWE-77: Command Injection
CWE-78: OS Command Injection
Published: 25 May 2026 · Updated: 31 May 2026 · First seen: 26 May 2026