
Totolink A8000RU CVE-2026-9432

EUVD-2026-31637 · HIGH
OS Command Injection (CWE-78)
2026-05-25 · VulDB · GHSA-8w2c-gjp9-mhg6
8.9 (CVSS 4.0 · NVD)

Severity by source

NVD (primary): 8.9 HIGH

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline (3 events)

  • Analysis Generated: Jun 08, 2026, 09:32 (vuln.today)
  • Severity Changed: May 26, 2026, 19:07 (NVD), from CRITICAL to HIGH
  • CVSS changed: May 26, 2026, 19:07 (NVD), from 9.8 (CRITICAL) to 8.9 (HIGH)

Description (CVE.org)

A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setWiFiAdvancedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument bgProtection results in os command injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.

Analysis (AI-generated)

OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary operating system commands by manipulating the bgProtection parameter in the setWiFiAdvancedCfg function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists per VulDB, and SSVC classifies the issue as automatable with total technical impact, though EPSS exploitation probability remains modest at 0.89% (76th percentile).


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

  • Access: Scan for exposed A8000RU web UI
  • Delivery: Craft POST to /cgi-bin/cstecgi.cgi setWiFiAdvancedCfg
  • Exploit: Inject shell metacharacters in bgProtection
  • Execution: Achieve command execution as root
  • Persist: Install persistent implant on router
  • Impact: Pivot to LAN or hijack DNS

Vulnerability Assessment (AI-generated)

Exploitation No special conditions - remote unauthenticated exploitation against default configurations of the Totolink A8000RU running firmware 7.1cu.643_b20200521, as long as the web management interface (/cgi-bin/cstecgi.cgi) is reachable from the attacker's network position. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N with VC:H/VI:H/VA:H) indicates the flaw is network-reachable, low-complexity, unauthenticated, requires no user interaction, and yields full confidentiality/integrity/availability impact - confirmed by the SSVC assessment of Automatable=yes and Technical Impact=total. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker locates an internet-exposed A8000RU (e.g., via Shodan or routine scanning of port 80/443), sends a crafted HTTP POST to /cgi-bin/cstecgi.cgi invoking setWiFiAdvancedCfg with shell metacharacters injected into the bgProtection argument, and obtains command execution as the web server user - typically root on embedded routers. With the public POC referenced at github.com/Litengzheng/vuldb_new2, this can be automated to deploy router-resident malware (e.g., Mirai-class implants), pivot into the LAN, or modify DNS/routing to intercept user traffic.
Remediation No vendor-released patch identified at time of analysis - Totolink has not published a firmware advisory in the supplied references, so administrators should monitor https://www.totolink.net/ for an updated firmware build superseding 7.1cu.643_b20200521 and apply it as soon as available. … Detailed patch versions, workarounds, and compensating controls in full report.
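Until a fixed firmware build is available, the most practical compensating control is to keep the web management interface off untrusted networks and to watch for the request shape the assessment describes. The following is an added detection example written for this page, not code from vuln.today, VulDB or Totolink: it classifies captured requests to /cgi-bin/cstecgi.cgi that call setWiFiAdvancedCfg and inspects the bgProtection argument. The sample requests are constructed, and the JSON "topicurl" field naming and the assumption that bgProtection is normally a 0/1 flag are assumptions about the device's request format to be checked against real captures.

```python
import json
import re
from urllib.parse import parse_qs

# Constructed sample: requests captured by a reverse proxy or IDS sensor placed in
# front of the router's web UI, as (source_ip, method, path, body).
# ASSUMPTION: cstecgi.cgi selects its handler via a "topicurl" field (JSON or form).
SAMPLE_REQUESTS = [
    ("10.0.0.5", "POST", "/cgi-bin/cstecgi.cgi",
     '{"topicurl":"setWiFiAdvancedCfg","bgProtection":"1"}'),
    ("198.51.100.7", "POST", "/cgi-bin/cstecgi.cgi",
     '{"topicurl":"setWiFiAdvancedCfg","bgProtection":"1;id"}'),
    ("10.0.0.5", "GET", "/index.html", ""),
    ("203.0.113.9", "POST", "/cgi-bin/cstecgi.cgi", '{"topicurl":"getSysStatusCfg"}'),
    ("203.0.113.9", "POST", "/cgi-bin/cstecgi.cgi",
     "topicurl=setWiFiAdvancedCfg&bgProtection=0"),
]

TARGET_PATH = "/cgi-bin/cstecgi.cgi"
TARGET_FUNC = "setWiFiAdvancedCfg"
TARGET_ARG = "bgProtection"
# ASSUMPTION: the UI only ever sends a single-digit on/off flag for this argument.
BENIGN = re.compile(r"^[01]$")
# Characters that change meaning once the value reaches a shell.
METACHARS = re.compile(r"[;&|`$(){}<>\n\r]")


def extract_param(body):
    """Return (handler, bgProtection) from a JSON or form-encoded body."""
    try:
        data = json.loads(body)
        if isinstance(data, dict):
            return data.get("topicurl"), data.get(TARGET_ARG)
    except ValueError:
        pass  # not JSON; fall through to form decoding
    form = parse_qs(body)
    return form.get("topicurl", [None])[0], form.get(TARGET_ARG, [None])[0]


def classify(src, method, path, body):
    """Verdict for one request: ignore, benign, suspicious or alert."""
    if method != "POST" or path != TARGET_PATH:
        return "ignore"
    func, val = extract_param(body)
    if func != TARGET_FUNC or val is None:
        return "ignore"
    val = str(val)
    if METACHARS.search(val):
        return "alert"        # injection attempt against the vulnerable argument
    if not BENIGN.match(val):
        return "suspicious"   # unexpected value; review, may be a probe or a UI change
    return "benign"


def scan(requests=SAMPLE_REQUESTS):
    """Classify every captured request; returns [(source_ip, verdict), ...]."""
    return [(src, classify(src, m, p, b)) for src, m, p, b in requests]
```

Run against real captures, the "alert" verdicts are the events to correlate with the Lifecycle Timeline above and with any later outbound connections from the router.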

Recommended Action (AI-generated)

Within 24 hours: Inventory all Totolink A8000RU devices and confirm firmware version (particularly 7.1cu.643_b20200521 and earlier); prioritize identifying internet-facing units and assess current exposure. …



CVE-2026-9432 vulnerability details – vuln.today
