EUVD-2026-31607
GHSA-7vm6-8rjp-xqmw
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. The exploit is publicly available and might be used.
AnalysisAI
OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary shell commands by manipulating the 'provider' argument passed to the setDdnsCfg function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists (CVSS 4.0 base 8.9, EPSS 0.89%), and no CISA KEV listing has been issued, but the combination of zero-privilege network exploitation and a working PoC against consumer/SOHO networking gear makes this a high-priority issue for any exposed device.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The attacker must be able to reach the router's Web Management Interface over HTTP/HTTPS - exploitation requires only network reachability to /cgi-bin/cstecgi.cgi on a Totolink A8000RU running firmware 7.1cu.643_b20200521; no credentials, no user interaction, and no non-default configuration are needed (CVSS AV:N/AC:L/PR:N/UI:N). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector AV:N/AC:L/AT:N/PR:N/UI:N indicates the lowest possible barrier to exploitation - network-reachable, low complexity, no authentication, no user interaction - with high confidentiality, integrity, and availability impact on the vulnerable component (VC:H/VI:H/VA:H), justifying the 8.9 score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker on the same network segment, or on the internet if the router's web admin is WAN-exposed, sends a single crafted HTTP POST to /cgi-bin/cstecgi.cgi invoking setDdnsCfg with a 'provider' value containing shell metacharacters (for example, a command-substitution payload that runs telnetd or fetches a second-stage binary). Because the request needs no credentials and a working PoC is published on GitHub, the scenario reduces to scan-and-shell automation that drops the router into a botnet, alters DNS settings for traffic interception, or pivots into the LAN. |
| Remediation | No vendor-released patch identified at time of analysis - Totolink has not published a fixed firmware build in the supplied references. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all Totolik A8000RU devices running firmware 7.1cu.643_b20200521 or earlier; isolate affected units from production networks where possible. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Share
External POC / Exploit Code
Leaving vuln.today