CVE-2026-9405
CriticalSummary
A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521 in the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi of the Web Management Interface. Manipulating the argument enable results in os command injection.
Risk Assessment
Remote exploitation of this vulnerability is possible, posing a serious security threat to the system. A publicly available exploit may be used for attacks.
Recommendation
It is recommended to update the software to the latest version to eliminate this vulnerability. Additionally, monitor systems for unauthorized activities.
Original NVD description (English source)
A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument enable results in os command injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.

