Which versions of TOTOLINK A8000RU are affected by CVE-2026-9456?

TOTOLIK A8000RU routers running firmware 7.1cu.643_b20200521 are remotely exploitable by unauthenticated attackers through command injection in the management interface, enabling complete device…

Is there a public PoC exploit available for CVE-2026-9456?

Yes, a public proof-of-concept exploit is available for CVE-2026-9456. Prioritise patching immediately. EPSS: 0.9%.

How to fix or mitigate CVE-2026-9456?

Within 24 hours: Identify and inventory all TOTOLIK A8000RU routers; determine WAN accessibility of management interfaces. Within 7 days: Implement firewall rules blocking inbound WAN access to router management HTTP/HTTPS services and isolate affected devices on restricted network segments. Within 30 days: Contact TOTOLIK for patched firmware availability and deploy immediately upon release; if no patch timeline emerges, evaluate replacement with alternative vendor products.

TOTOLINK A8000RU CVE-2026-9456

Q: What is the CVSS score of CVE-2026-9456?

CVE-2026-9456 has a CVSS 4.0 base score of 8.9 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.9%.

EUVD-2026-31674 HIGH

OS Command Injection (CWE-78)

2026-05-25 VulDB

GHSA-x66f-p4rh-4mgx

Command Injection A8000Ru

8.9

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

8.9 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Jun 08, 2026 - 09:41 vuln.today

Severity Changed

May 26, 2026 - 19:07 NVD

CRITICAL HIGH

CVSS changed

May 26, 2026 - 19:07 NVD

9.8 (CRITICAL) 8.9 (HIGH)

CVE Published

May 25, 2026 - 12:00 nvd

HIGH 8.9

DescriptionCVE.org

A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument enabled results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used.

AnalysisAI

Remote OS command injection in TOTOLINK A8000RU router firmware 7.1cu.643_b20200521 allows unauthenticated attackers to execute arbitrary commands via the setOpenVpnCfg function in /cgi-bin/cstecgi.cgi by manipulating the 'enabled' argument. Publicly available exploit code exists, raising the risk of opportunistic attacks against exposed devices, though EPSS scoring (0.89%, 76th percentile) suggests moderate but not yet widespread exploitation. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Identify exposed A8000RU admin interface

Delivery

Craft malicious setOpenVpnCfg request

Exploit

Inject shell metacharacters in 'enabled' param

Execution

cstecgi.cgi executes OS command as root

Persist

Establish persistence on router

Impact

Pivot into internal network