Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
AnalysisAI
Remote unauthenticated command injection in Totolink A8000RU router firmware 7.1cu.643_b20200521 allows attackers to execute arbitrary OS commands via the 'enable' parameter in the setAppFilterCfg function. Exploitation requires no authentication or user interaction, with a publicly available proof-of-concept exploit published on GitHub. CVSS 8.9 reflects critical impact across confidentiality, integrity, and availability, though EPSS data is unavailable to assess real-world exploitation probability. Not currently listed in CISA KEV, suggesting targeted rather than widespread exploitation at time of analysis.
Technical ContextAI
This vulnerability exploits CWE-78 (OS Command Injection) in the web-based administration interface of Totolink A8000RU wireless routers. The setAppFilterCfg CGI function in /cgi-bin/cstecgi.cgi fails to properly sanitize the 'enable' parameter before passing it to system shell commands. In typical embedded router architectures, CGI scripts often execute with elevated privileges (root or equivalent) to configure system services, meaning successful command injection grants full device control. The affected firmware version 7.1cu.643_b20200521 uses the CPE identifier cpe:2.3:a:totolink:a8000ru, indicating this is a known product in vulnerability databases. Command injection vulnerabilities in SOHO routers are particularly severe because these devices typically run BusyBox or similar minimal Linux environments where a single compromised process can control the entire device.
RemediationAI
No vendor-released patch identified at time of analysis-the official Totolink website (https://www.totolink.net/) does not provide a security advisory or updated firmware addressing CVE-2026-7823. Until an official patch is available, apply these SPECIFIC compensating controls: (1) Disable remote administration on the A8000RU-access the router admin panel, navigate to Management/Remote Access settings, and ensure web interface access is restricted to LAN-only (typically 192.168.x.x addresses), preventing internet-based exploitation; (2) If remote management is business-critical, implement firewall rules permitting admin interface access only from specific trusted IP addresses, though this requires static IPs and adds management overhead; (3) Place the A8000RU behind a second firewall appliance or replace with a router from a vendor with active security support, as Totolink's patch track record for legacy devices is uncertain. Monitor VulDB (https://vuldb.com/vuln/361075) and Totolink's support pages for firmware updates addressing this vulnerability.
OS command injection in Totolink A8000RU router firmware 7.1cu.643_b20200521 allows remote unauthenticated attackers to
OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attacke
OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attacke
OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attacke
OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows unauthenticated remote attacke
Remote OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows unauthenticated attacke
OS command injection in Totolink A8000RU router firmware 7.1cu.643_b20200521 allows remote unauthenticated attackers to
Remote OS command injection in TOTOLINK A8000RU router firmware 7.1cu.643_b20200521 allows unauthenticated attackers to
OS command injection in TOTOLINK A8000RU router firmware 7.1cu.643_b20200521 allows remote unauthenticated attackers to
OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attacke
OS command injection in Totolink A8000RU router firmware 7.1cu.643_b20200521 allows remote unauthenticated attackers to
OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows unauthenticated remote attacke
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27221