CVE-2026-9404
CriticalSummary
A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521, affecting the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi of the Web Management Interface. Manipulation of the argument provider leads to OS command injection.
Risk Assessment
The attack may be launched remotely, and publicly available exploits could be used by potential attackers.
Recommendation
It is recommended to update the device to the latest firmware version to mitigate this vulnerability and to monitor logs for potential attack attempts.
Original NVD description (English source)
A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. The exploit is publicly available and might be used.

