Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.9
CVE-2026-9432: Totolink A8000RU Web Management Interface allows remote code execution
CVE-2026-9432
Summary
An attacker can remotely access and control the router's settings, potentially causing harm or disruption. This vulnerability affects the Totolink A8000RU router with software version 7.1cu.643_b20200521. To protect your network, consider updating to the latest software version or disabling the Web Management Interface if not in use.
Original title
A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setWiFiAdvancedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Managem...
Original description
A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setWiFiAdvancedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument bgProtection results in os command injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
nvd CVSS2.0
10.0
nvd CVSS3.1
9.8
nvd CVSS4.0
8.9
Vulnerability type
CWE-77
Command Injection
CWE-78
OS Command Injection
Published: 25 May 2026 · Updated: 1 Jun 2026 · First seen: 26 May 2026