PT-2026-43044 · Totolink · A8000Ru
Ltzhust
·
Published
2026-05-25
·
Updated
2026-05-25
·
CVE-2026-9456
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
A vulnerability was found in Totolink A8000RU 7.1cu.643 b20200521. Impacted is the function setOpenVpnCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument enabled results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used.
Exploit
Command Injection
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
A8000Ru