Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.9
CVE-2026-9434: Totolink A8000RU Web Interface Allows Remote Attack
CVE-2026-9434
Summary
The Totolink A8000RU's web interface has a security weakness that could allow hackers to remotely take control of the device. This is a concern because it could allow unauthorized access to your network and potentially disrupt your internet connection. To protect your device, update the firmware to the latest version.
Original title
A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setWiFiWpsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface...
Original description
A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setWiFiWpsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument wscDisabled leads to os command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
nvd CVSS2.0
10.0
nvd CVSS3.1
9.8
nvd CVSS4.0
8.9
Vulnerability type
CWE-77
Command Injection
CWE-78
OS Command Injection
Published: 25 May 2026 · Updated: 1 Jun 2026 · First seen: 26 May 2026