Skip to main content

Totolink A8000RU CVE-2026-7823

| EUVDEUVD-2026-27221 HIGH
OS Command Injection (CWE-78)
2026-05-05 VulDB
8.9
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.9 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
May 05, 2026 - 05:31 vuln.today
Severity Changed
May 05, 2026 - 05:22 NVD
CRITICAL HIGH
CVSS changed
May 05, 2026 - 05:22 NVD
9.8 (CRITICAL) 8.9 (HIGH)

DescriptionCVE.org

A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

AnalysisAI

Remote unauthenticated command injection in Totolink A8000RU router firmware 7.1cu.643_b20200521 allows attackers to execute arbitrary OS commands via the 'enable' parameter in the setAppFilterCfg function. Exploitation requires no authentication or user interaction, with a publicly available proof-of-concept exploit published on GitHub. CVSS 8.9 reflects critical impact across confidentiality, integrity, and availability, though EPSS data is unavailable to assess real-world exploitation probability. Not currently listed in CISA KEV, suggesting targeted rather than widespread exploitation at time of analysis.

Technical ContextAI

This vulnerability exploits CWE-78 (OS Command Injection) in the web-based administration interface of Totolink A8000RU wireless routers. The setAppFilterCfg CGI function in /cgi-bin/cstecgi.cgi fails to properly sanitize the 'enable' parameter before passing it to system shell commands. In typical embedded router architectures, CGI scripts often execute with elevated privileges (root or equivalent) to configure system services, meaning successful command injection grants full device control. The affected firmware version 7.1cu.643_b20200521 uses the CPE identifier cpe:2.3:a:totolink:a8000ru, indicating this is a known product in vulnerability databases. Command injection vulnerabilities in SOHO routers are particularly severe because these devices typically run BusyBox or similar minimal Linux environments where a single compromised process can control the entire device.

RemediationAI

No vendor-released patch identified at time of analysis-the official Totolink website (https://www.totolink.net/) does not provide a security advisory or updated firmware addressing CVE-2026-7823. Until an official patch is available, apply these SPECIFIC compensating controls: (1) Disable remote administration on the A8000RU-access the router admin panel, navigate to Management/Remote Access settings, and ensure web interface access is restricted to LAN-only (typically 192.168.x.x addresses), preventing internet-based exploitation; (2) If remote management is business-critical, implement firewall rules permitting admin interface access only from specific trusted IP addresses, though this requires static IPs and adds management overhead; (3) Place the A8000RU behind a second firewall appliance or replace with a router from a vendor with active security support, as Totolink's patch track record for legacy devices is uncertain. Monitor VulDB (https://vuldb.com/vuln/361075) and Totolink's support pages for firmware updates addressing this vulnerability.

CVE-2026-9436 HIGH POC
8.9 May 25

OS command injection in Totolink A8000RU router firmware 7.1cu.643_b20200521 allows remote unauthenticated attackers to

CVE-2026-9478 HIGH POC
8.9 May 25

OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attacke

CVE-2026-9477 HIGH POC
8.9 May 25

OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attacke

CVE-2026-9476 HIGH POC
8.9 May 25

OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attacke

CVE-2026-9475 HIGH POC
8.9 May 25

OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows unauthenticated remote attacke

CVE-2026-9458 HIGH POC
8.9 May 25

Remote OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows unauthenticated attacke

CVE-2026-9457 HIGH POC
8.9 May 25

OS command injection in Totolink A8000RU router firmware 7.1cu.643_b20200521 allows remote unauthenticated attackers to

CVE-2026-9456 HIGH POC
8.9 May 25

Remote OS command injection in TOTOLINK A8000RU router firmware 7.1cu.643_b20200521 allows unauthenticated attackers to

CVE-2026-9455 HIGH POC
8.9 May 25

OS command injection in TOTOLINK A8000RU router firmware 7.1cu.643_b20200521 allows remote unauthenticated attackers to

CVE-2026-9454 HIGH POC
8.9 May 25

OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attacke

CVE-2026-9435 HIGH POC
8.9 May 25

OS command injection in Totolink A8000RU router firmware 7.1cu.643_b20200521 allows remote unauthenticated attackers to

CVE-2026-9434 HIGH POC
8.9 May 25

OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows unauthenticated remote attacke

Share

CVE-2026-7823 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy