Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.9
CVE-2026-9433: Totolink A8000RU Web Interface Allows Remote Attack
CVE-2026-9433
Summary
A security weakness in the Totolink A8000RU's web interface allows an attacker to remotely access and control the device by exploiting a specific function. This could potentially be used to compromise the device and disrupt its normal operation. To protect your device, consider updating to a newer version of the firmware if one is available, and take steps to limit remote access to the device.
Original title
A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface....
Original description
A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument enable causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.
nvd CVSS2.0
10.0
nvd CVSS3.1
9.8
nvd CVSS4.0
8.9
Vulnerability type
CWE-77
Command Injection
CWE-78
OS Command Injection
Published: 25 May 2026 · Updated: 1 Jun 2026 · First seen: 26 May 2026