CVE Catalog

CVE-2026-9407

Critical
Published: Translated: NVD NIST

Summary

A vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521, affecting the setFirewallType function in the /cgi-bin/cstecgi.cgi file of the Web Management Interface. Manipulation of the firewallType argument leads to OS command injection.

Risk Assessment

An attacker can remotely exploit this vulnerability, posing a serious threat to the security of the system and the organization's data.

Recommendation

It is recommended to update the software to the latest version to mitigate this vulnerability and to monitor the system for potential attack attempts.

Original NVD description (English source)

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function setFirewallType of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument firewallType leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS