Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument sambaEnabled leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
Analysis
A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument sambaEnabled leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
OS command injection in Totolink A8000RU router firmware 7.1cu.643_b20200521 allows remote unauthenticated attackers to
OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attacke
OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attacke
OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attacke
OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows unauthenticated remote attacke
Remote OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows unauthenticated attacke
OS command injection in Totolink A8000RU router firmware 7.1cu.643_b20200521 allows remote unauthenticated attackers to
Remote OS command injection in TOTOLINK A8000RU router firmware 7.1cu.643_b20200521 allows unauthenticated attackers to
OS command injection in TOTOLINK A8000RU router firmware 7.1cu.643_b20200521 allows remote unauthenticated attackers to
OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attacke
OS command injection in Totolink A8000RU router firmware 7.1cu.643_b20200521 allows remote unauthenticated attackers to
OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows unauthenticated remote attacke
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25875