CVE Catalog

CVE-2026-9404

Critical
Published: Translated: NVD NIST

Summary

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521, affecting the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi of the Web Management Interface. Manipulation of the argument provider leads to OS command injection.

Risk Assessment

The attack may be launched remotely, and publicly available exploits could be used by potential attackers.

Recommendation

It is recommended to update the device to the latest firmware version to mitigate this vulnerability and to monitor logs for potential attack attempts.

Original NVD description (English source)

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. The exploit is publicly available and might be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS