CVE-2026-7153

Name of the Vulnerable Software and Affected Versions Totolink A8000RU version 7.1cu.643 b20200521

Description A security flaw in the CGI Handler component allows remote attackers to perform OS command injection. This occurs through the manipulation of the sys info argument within the setMiniuiHomeInfoShow() function of the '/cgi-bin/cstecgi.cgi' endpoint.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the '/cgi-bin/cstecgi.cgi' endpoint or the setMiniuiHomeInfoShow() function to minimize the risk of exploitation.