Which versions of Totolink A8000RU are affected by EUVD-2026-31670?

The Totolik A8000RU router (firmware 7.1cu.643_b20200521) contains a critical remote code execution vulnerability allowing unauthenticated attackers to execute arbitrary commands through the OpenVPN…

Is there a public PoC exploit available for EUVD-2026-31670?

Yes, a public proof-of-concept exploit is available for EUVD-2026-31670. Prioritise patching immediately. EPSS: 0.9%.

How to fix or mitigate EUVD-2026-31670?

Within 24 hours: Identify all Totolik A8000RU routers in production (particularly firmware 7.1cu.643_b20200521) and immediately restrict network access to their administration interfaces using firewall rules-permit management access only from specific trusted internal IP ranges. Within 7 days: Contact Totolik for patch timeline; implement IDS/IPS detection signatures to monitor requests to /cgi-bin/cstecgi.cgi for command injection patterns; deploy network segmentation to isolate affected devices from high-value systems. Within 30 days: Evaluate replacement options with vendor-supported alternatives; if retention is necessary, implement additional controls such as reverse-proxy authentication or air-gapping from untrusted network segments; mandate firmware updates immediately upon vendor release.

Totolink A8000RU EUVD-2026-31670

Q: What is the CVSS score of EUVD-2026-31670?

EUVD-2026-31670 has a CVSS 4.0 base score of 8.9 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.9%.

| CVE-2026-9454 HIGH

OS Command Injection (CWE-78)

2026-05-25 VulDB

GHSA-3h6x-px3r-wh95

Command Injection A8000Ru

8.9

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

8.9 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Jun 08, 2026 - 09:41 vuln.today

Severity Changed

May 26, 2026 - 19:07 NVD

CRITICAL HIGH

CVSS changed

May 26, 2026 - 19:07 NVD

9.8 (CRITICAL) 8.9 (HIGH)

CVE Published

May 25, 2026 - 11:30 nvd

HIGH 8.9

DescriptionCVE.org

A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setOpenVpnCertGenerationCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument servername can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used.

AnalysisAI

OS command injection in the Totolink A8000RU router (firmware 7.1cu.643_b20200521) allows remote unauthenticated attackers to execute arbitrary commands via the servername parameter of the setOpenVpnCertGenerationCfg function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists (GitHub PoC), and although the EPSS score is modest (0.89%, 76th percentile), the CVSS 4.0 score of 8.9 reflects network-reachable, no-privilege, no-interaction exploitation with high confidentiality, integrity, and availability impact. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon

Discover exposed A8000RU admin interface

Delivery

Craft POST to /cgi-bin/cstecgi.cgi

Exploit

Inject shell metacharacters in servername parameter

Install

setOpenVpnCertGenerationCfg passes argument to shell

Command executes as root on router

Execute

Install persistent implant or botnet agent

Impact

Pivot to internal network or join DDoS swarm