Skip to main content

A8000Ru CVE-2026-7138

| EUVDEUVD-2026-25876 HIGH
OS Command Injection (CWE-78)
2026-04-27 VulDB
8.9
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.9 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

5
PoC Detected
Apr 27, 2026 - 18:35 vuln.today
Public exploit code
Severity Changed
Apr 27, 2026 - 16:22 NVD
CRITICAL HIGH
CVSS changed
Apr 27, 2026 - 16:22 NVD
9.8 (CRITICAL) 8.9 (HIGH)
EUVD ID Assigned
Apr 27, 2026 - 16:15 euvd
EUVD-2026-25876
CVE Published
Apr 27, 2026 - 16:00 nvd
HIGH 8.9

DescriptionCVE.org

A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setNtpCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument tz results in os command injection. The attack can be executed remotely. The exploit is now public and may be used.

Analysis

A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setNtpCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument tz results in os command injection. The attack can be executed remotely. The exploit is now public and may be used.

CVE-2026-9436 HIGH POC
8.9 May 25

OS command injection in Totolink A8000RU router firmware 7.1cu.643_b20200521 allows remote unauthenticated attackers to

CVE-2026-9478 HIGH POC
8.9 May 25

OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attacke

CVE-2026-9477 HIGH POC
8.9 May 25

OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attacke

CVE-2026-9476 HIGH POC
8.9 May 25

OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attacke

CVE-2026-9475 HIGH POC
8.9 May 25

OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows unauthenticated remote attacke

CVE-2026-9458 HIGH POC
8.9 May 25

Remote OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows unauthenticated attacke

CVE-2026-9457 HIGH POC
8.9 May 25

OS command injection in Totolink A8000RU router firmware 7.1cu.643_b20200521 allows remote unauthenticated attackers to

CVE-2026-9456 HIGH POC
8.9 May 25

Remote OS command injection in TOTOLINK A8000RU router firmware 7.1cu.643_b20200521 allows unauthenticated attackers to

CVE-2026-9455 HIGH POC
8.9 May 25

OS command injection in TOTOLINK A8000RU router firmware 7.1cu.643_b20200521 allows remote unauthenticated attackers to

CVE-2026-9454 HIGH POC
8.9 May 25

OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attacke

CVE-2026-9435 HIGH POC
8.9 May 25

OS command injection in Totolink A8000RU router firmware 7.1cu.643_b20200521 allows remote unauthenticated attackers to

CVE-2026-9434 HIGH POC
8.9 May 25

OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows unauthenticated remote attacke

Share

CVE-2026-7138 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy