CVE Catalog

CVE-2026-9435

Critical
Published: Translated: NVD NIST

Summary

A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521, affecting the setQosCfg function in the /cgi-bin/cstecgi.cgi file of the Web Management Interface. Manipulating the enable argument results in OS command injection.

Risk Assessment

Remote exploitation of this vulnerability is possible, posing a serious threat to the security of the system and the organization's data.

Recommendation

It is recommended to update the software to the latest version and monitor the system for unauthorized activities.

Original NVD description (English source)

A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setQosCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument enable results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS