Which versions of TOTOLINK A8000RU are affected by CVE-2026-9388?

The TOTOLINK A8000RU router (firmware 7.1cu.643_b20200521) contains a high-severity remote code execution vulnerability (CVE-2026-9388) allowing unauthenticated attackers to gain complete control of…

Is there a public PoC exploit available for CVE-2026-9388?

Yes, a public proof-of-concept exploit is available for CVE-2026-9388. Prioritise patching immediately. EPSS: 0.9%.

How to fix or mitigate CVE-2026-9388?

Within 24 hours: Identify and inventory all TOTOLINK A8000RU routers with internet-facing Web Management Interfaces. Within 7 days: Restrict network access to /cgi-bin/cstecgi.cgi and router management ports using firewall rules-permit only from trusted internal networks, and disable remote management if operationally feasible. Within 30 days: Monitor TOTOLINK security advisories for firmware patches (no vendor-released patch identified at time of analysis) and deploy immediately upon release; consider retiring or deep-isolating vulnerable units if patches remain unavailable.

TOTOLINK A8000RU CVE-2026-9388

Q: What is the CVSS score of CVE-2026-9388?

CVE-2026-9388 has a CVSS 4.0 base score of 8.9 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.9%.

EUVD-2026-31544 HIGH

OS Command Injection (CWE-78)

2026-05-24 VulDB

GHSA-pj7j-39r4-pr94

Command Injection A8000Ru

8.9

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

8.9 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Jun 08, 2026 - 09:26 vuln.today

Severity Changed

May 26, 2026 - 19:07 NVD

CRITICAL HIGH

CVSS changed

May 26, 2026 - 19:07 NVD

9.8 (CRITICAL) 8.9 (HIGH)

DescriptionCVE.org

A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument mode can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.

AnalysisAI

OS command injection in the TOTOLINK A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary operating system commands by manipulating the 'mode' parameter sent to the setScheduleCfg function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists (published via VulDB and a GitHub PoC), though there is no public exploit identified as actively exploited in the wild and EPSS probability is modest at 0.89%. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Identify exposed A8000RU admin interface

Delivery

Craft POST to /cgi-bin/cstecgi.cgi setScheduleCfg

Exploit

Inject shell metacharacters into mode parameter

Execution

Trigger command execution as root

Persist

Download and run implant payload

Impact

Pivot into LAN or join botnet