Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be launched remotely. The exploit has been made public and could be used.
AnalysisAI
Remote command injection in Totolink A8000RU router firmware 7.1cu.643_b20200521 allows unauthenticated attackers to execute arbitrary OS commands with router privileges via the setUrlFilterRules CGI function. Public exploit code exists (CVSS:4.0 E:P indicator), significantly increasing exploitation risk. EPSS data unavailable, but network-accessible command injection with public POC represents critical risk for internet-exposed devices.
Technical ContextAI
The vulnerability resides in the CGI handler (/cgi-bin/cstecgi.cgi) of the Totolink A8000RU wireless router, specifically within the setUrlFilterRules function used for URL filtering administration. This is a CWE-77 (Command Injection) flaw where user-supplied input to the 'enable' parameter is passed unsanitized to system shell commands. CGI-based router administration interfaces frequently suffer from insufficient input validation when processing configuration changes, allowing attackers to break out of intended command contexts by injecting shell metacharacters (semicolons, pipes, backticks). The affected firmware version 7.1cu.643_b20200521 from May 2020 suggests this is legacy code with no modern input sanitization mechanisms.
RemediationAI
Check Totolink vendor website (https://www.totolink.net/) for firmware updates newer than 7.1cu.643_b20200521 addressing CVE-2026-7203. No specific patched version identified in available advisories at time of analysis. If no patch exists, implement network-level compensating controls: (1) Remove A8000RU devices from WAN exposure - disable remote administration and place behind NAT with no port forwarding to TCP 80/443, which eliminates remote attack vector but prevents legitimate remote management; (2) Restrict web interface access to trusted management VLANs only via router ACLs, reducing attack surface to internal threats; (3) Monitor router logs for unexpected cstecgi.cgi requests containing shell metacharacters (semicolons, pipes, ampersands) as IOC of exploitation attempts; (4) If remote management required, place device behind VPN gateway requiring authentication before router access. Consider hardware replacement with actively maintained alternative if vendor does not release timely patch, as legacy SOHO routers frequently receive no security updates.
Same weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25960