CVE-2026-9435
CriticalSummary
A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521, affecting the setQosCfg function in the /cgi-bin/cstecgi.cgi file of the Web Management Interface. Manipulating the enable argument results in OS command injection.
Risk Assessment
Remote exploitation of this vulnerability is possible, posing a serious threat to the security of the system and the organization's data.
Recommendation
It is recommended to update the software to the latest version and monitor the system for unauthorized activities.
Original NVD description (English source)
A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setQosCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument enable results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

