Description
A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function setFirewallType of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument firewallType leads to OS command injection. The attack can be carried out remotely. The exploit has been disclosed publicly and may be used.
Published: 2026-05-24
Score: 9.3 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Manipulating the firewallType parameter, which controls firewall settings in the Totolink A8000RU Web Management Interface, allows execution of arbitrary operating-system commands on the device. The vulnerability is a classic OS command injection flaw, mapped to CWE-77 and CWE-78. Successful exploitation would allow an attacker to run arbitrary code on the router, compromise device integrity, and potentially pivot to other network assets.

Affected Systems

The affected hardware is the Totolink A8000RU router running firmware 7.1cu.643_b20200521. Users of this model who have the web management interface enabled should verify their installed firmware and plan an update.

Risk and Exploitability

The CVSS score of 9.3 reflects critical severity. The EPSS score is not available, but an exploit has been publicly disclosed, so the vulnerability is a credible threat. The attacker can reach the vulnerable parameter remotely via the web interface, likely from any compromised or malicious machine on the internet. The vulnerability is not listed in KEV, yet its remote nature and high CVSS score warrant immediate attention.

Generated by OpenCVE AI on May 25, 2026 at 01:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the router to a firmware version that removes the vulnerable setFirewallType function.
  • If a firmware update cannot be applied immediately, restrict external access to the Web Management Interface by placing the device behind a locked-down firewall or DMZ and allowing only trusted IP ranges.
  • Ensure strong, unique credentials are used for the admin account and consider disabling remote web management if it is not required.

Advisories

No advisories yet.

History

Mon, 25 May 2026 02:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Totolink a8000ru
Vendors & Products | | Totolink a8000ru

Mon, 25 May 2026 00:15:00 +0000

Type | Values Removed | Values Added
Description | | A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function setFirewallType of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument firewallType leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
Title | | Totolink A8000RU Web Management cstecgi.cgi setFirewallType os command injection
First Time appeared | | Totolink; Totolink a8000ru Firmware
Weaknesses | | CWE-77; CWE-78
CPEs | | cpe:2.3:o:totolink:a8000ru_firmware:*:*:*:*:*:*:*:*
Vendors & Products | | Totolink; Totolink a8000ru Firmware
References | |
Metrics | | cvssV2_0: {'score': 10, 'vector': 'AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 9.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-24T23:45:11.542Z

Reserved: 2026-05-24T06:27:27.991Z

Link: CVE-2026-9407

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-25T02:30:14Z

Weaknesses