CVE Catalog

CVE-2026-9408

Critical
Published: Translated: NVD NIST

Summary

A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521, affecting the setStaticDhcpRules function in the /cgi-bin/cstecgi.cgi file of the Web Management Interface. Manipulation of the enable argument results in OS command injection.

Risk Assessment

An attacker can remotely exploit this vulnerability, potentially leading to device takeover. The public availability of the exploit increases the risk of attacks.

Recommendation

It is recommended to update the device firmware to the latest version to mitigate this vulnerability. Additionally, monitor logs for potential attack attempts.

Original NVD description (English source)

A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument enable results in os command injection. The attack may be performed from remote. The exploit is now public and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS