Which versions of Totolink A8000RU are affected by CVE-2026-7242?

CVE-2026-7242 is a critical remote code execution vulnerability in Totolink A8000RU routers (firmware 7.1cu.643_b20200521) that allows unauthenticated attackers to execute arbitrary commands and…

Totolink A8000RU CVE-2026-7242

Q: What is the CVSS score of CVE-2026-7242?

CVE-2026-7242 has a CVSS 4.0 base score of 8.9 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.9%.

EUVD-2026-26015 HIGH

Command Injection (CWE-77)

2026-04-28 cna@vuldb.com

Command Injection

8.9

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 28, 2026 - 20:38 vuln.today

cvss_changed

Analysis Generated

Apr 28, 2026 - 09:31 vuln.today

EUVD ID Assigned

Apr 28, 2026 - 09:22 euvd

EUVD-2026-26015

Analysis Generated

Apr 28, 2026 - 09:22 vuln.today

CVE Published

Apr 28, 2026 - 09:16 nvd

HIGH 8.9

DescriptionNVD

A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnClientCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enabled can lead to os command injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.

AnalysisAI

OS command injection in Totolink A8000RU router firmware 7.1cu.643_b20200521 allows unauthenticated remote attackers to execute arbitrary system commands via the setOpenVpnClientCfg function in /cgi-bin/cstecgi.cgi by manipulating the 'enabled' parameter. Public exploit code exists (disclosed on GitHub), significantly lowering the barrier to exploitation. …

RemediationAI

Within 24 hours: Inventory all Totolik A8000RU routers in production and isolate any running firmware version 7.1cu.643_b20200521 to segregated network segments or offline status pending remediation. Within 7 days: Contact Totolink support for firmware update availability and timeline; if no patch is released, implement network access controls (WAF rules, IP restrictions to /cgi-bin/cstecgi.cgi) and monitor for exploitation attempts targeting the 'enabled' parameter in setOpenVpnClientCfg function. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7242 vulnerability details – vuln.today

Back

Totolink A8000RU CVE-2026-7242

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Totolink A8000RU CVE-2026-7242

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code