Which versions of TOTOLINK A8000RU are affected by EUVD-2026-31609?

TOTOLINK A8000RU routers (firmware 7.1cu.643_b20200521) suffer from remote code execution vulnerabilities exploitable without authentication, enabling attackers to seize full control of affected…

Is there a public PoC exploit available for EUVD-2026-31609?

Yes, a public proof-of-concept exploit is available for EUVD-2026-31609. Prioritise patching immediately. EPSS: 0.9%.

How to fix or mitigate EUVD-2026-31609?

Within 24 hours: Identify all TOTOLINK A8000RU routers in your environment, document firmware versions, and audit which devices have internet-accessible management interfaces. Within 7 days: Implement emergency network segmentation (move management interfaces to isolated VLANs, restrict access via firewall rules, or disable internet-facing management entirely) and escalate procurement of replacement router models. Within 30 days: Complete replacement of all affected TOTOLINK A8000RU units with supported alternatives; do not rely solely on network controls long-term.

TOTOLINK A8000RU EUVD-2026-31609

Q: What is the CVSS score of EUVD-2026-31609?

EUVD-2026-31609 has a CVSS 4.0 base score of 8.9 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.9%.

| CVE-2026-9408 HIGH

OS Command Injection (CWE-78)

2026-05-25 VulDB

GHSA-rq43-h4ch-33gm

Command Injection A8000Ru

8.9

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

8.9 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Jun 08, 2026 - 09:40 vuln.today

Severity Changed

May 26, 2026 - 19:07 NVD

CRITICAL HIGH

CVSS changed

May 26, 2026 - 19:07 NVD

9.8 (CRITICAL) 8.9 (HIGH)

DescriptionCVE.org

A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument enable results in os command injection. The attack may be performed from remote. The exploit is now public and may be used.

AnalysisAI

OS command injection in the TOTOLINK A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary operating system commands by manipulating the 'enable' parameter passed to the setStaticDhcpRules function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists and SSVC rates this as automatable with total technical impact, though EPSS remains modest at 0.89% (76th percentile). …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Scan for exposed A8000RU web interface

Delivery

Craft POST to /cgi-bin/cstecgi.cgi setStaticDhcpRules

Exploit

Inject shell metacharacters into 'enable' parameter

Execution

CGI executes commands as root

Persist

Drop persistence or backdoor binary

Impact

Pivot to LAN clients and traffic