Which versions of Totolink A8000RU are affected by EUVD-2026-31641?

Totolink A8000RU routers (firmware 7.1cu.643_b20200521 and earlier) contain an unauthenticated remote code execution vulnerability (CVSS 8.9); publicly available exploit code exists.

Is there a public PoC exploit available for EUVD-2026-31641?

Yes, a public proof-of-concept exploit is available for EUVD-2026-31641. Prioritise patching immediately. EPSS: 0.9%.

How to fix or mitigate EUVD-2026-31641?

24 hours: Identify all Totolink A8000RU routers in production; immediately segment from critical networks and restrict WAN access to management interfaces. 7 days: Monitor Totolink security advisories for patch releases; implement firewall rules blocking unauthorized access to affected systems. 30 days: Execute hardware replacement with patched alternatives; document all A8000RU systems as decommissioned or validated as patched.

Totolink A8000RU EUVD-2026-31641

Q: What is the CVSS score of EUVD-2026-31641?

EUVD-2026-31641 has a CVSS 4.0 base score of 8.9 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.9%.

| CVE-2026-9433 HIGH

OS Command Injection (CWE-78)

2026-05-25 VulDB

GHSA-h6vr-9r9p-c6rf

Command Injection A8000Ru

8.9

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

8.9 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Jun 08, 2026 - 09:22 vuln.today

Severity Changed

May 26, 2026 - 19:07 NVD

CRITICAL HIGH

CVSS changed

May 26, 2026 - 19:07 NVD

9.8 (CRITICAL) 8.9 (HIGH)

DescriptionCVE.org

A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument enable causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.

AnalysisAI

OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary operating system commands by manipulating the 'enable' argument passed to the setMacFilterRules function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists per VulDB, and SSVC categorizes the technical impact as total with automatable exploitation, though EPSS remains modest at 0.89% (76th percentile).

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Identify Totolink A8000RU via banner/fingerprint

Delivery

Reach /cgi-bin/cstecgi.cgi over LAN or WAN

Exploit

Send POST to setMacFilterRules with injected enable parameter

Execution

cstecgi.cgi passes input to shell

Persist

Execute arbitrary commands as root

Impact

Install persistence or pivot to LAN hosts