CVE-2026-9435

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A vulnerability was detected in Totolink A8000RU 7.1cu.643 b20200521. The affected element is the function setQosCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument enable results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

Exploit

Command Injection

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-78

Related Identifiers

CVE-2026-9435

Affected Products

A8000Ru

CVE-2026-9435

Weakness Enumeration

Related Identifiers

Affected Products

References · 5