Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.9
CVE-2026-9408: Totolink A8000RU Web Management Interface Remote Command Execution
CVE-2026-9408
Summary
An attacker can remotely execute commands on the Totolink A8000RU router's Web Management Interface, potentially accessing or changing sensitive settings. This is a serious security risk because it allows unauthorized access to the router's internal systems. Users should update their router's software to the latest version to protect against this vulnerability.
Original title
A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Inte...
Original description
A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument enable results in os command injection. The attack may be performed from remote. The exploit is now public and may be used.
nvd CVSS2.0
10.0
nvd CVSS3.1
9.8
nvd CVSS4.0
8.9
Vulnerability type
CWE-77
Command Injection
CWE-78
OS Command Injection
Published: 25 May 2026 · Updated: 1 Jun 2026 · First seen: 26 May 2026