Skip to main content

TOTOLINK A8000RU EUVD-2026-31673

| CVE-2026-9455 HIGH
OS Command Injection (CWE-78)
2026-05-25 VulDB GHSA-4crh-78xh-vwrj
Command Injection A8000Ru
8.9
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.9 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
Analysis Generated
Jun 08, 2026 - 09:34 vuln.today
Severity Changed
May 26, 2026 - 19:07 NVD
CRITICAL HIGH
CVSS changed
May 26, 2026 - 19:07 NVD
9.8 (CRITICAL) 8.9 (HIGH)
CVE Published
May 25, 2026 - 11:45 nvd
HIGH 8.9

DescriptionCVE.org

A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument FileName leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

AnalysisAI

OS command injection in TOTOLINK A8000RU router firmware 7.1cu.643_b20200521 allows remote unauthenticated attackers to execute arbitrary operating system commands by manipulating the FileName parameter in the UploadOpenVpnCert function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists per VulDB disclosure, and SSVC scoring indicates the flaw is automatable with total technical impact, though EPSS remains modest at 0.89% (76th percentile). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify exposed A8000RU web interface
Delivery
Craft POST to /cgi-bin/cstecgi.cgi UploadOpenVpnCert
Exploit
Inject shell metacharacters via FileName parameter
Execution
Achieve command execution as root
Persist
Install persistent backdoor in firmware
Impact
Pivot to internal LAN hosts
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires network reachability to the TOTOLINK A8000RU web management interface (typically TCP/80 or TCP/443 on the LAN, and on the WAN only if the owner has enabled remote management - which is not the default on most SOHO routers). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H) with base score 8.9 indicates remote, low-complexity, unauthenticated exploitation yielding full confidentiality, integrity, and availability impact on the device - consistent with root-level RCE on the router. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker reachable to the router's web management interface - either from the internet if remote administration is enabled, or from the local network - sends a crafted HTTP POST to /cgi-bin/cstecgi.cgi invoking UploadOpenVpnCert with a FileName parameter containing shell metacharacters (e.g., a semicolon or backtick followed by a payload). The injected command executes as the web server process, which on TOTOLINK devices typically runs as root, granting full device takeover. …
Remediation No vendor-released patch identified at time of analysis - TOTOLINK has not published a fixed firmware version in the provided references. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

WITHIN 24 HOURS: Identify and inventory all TOTOLINK A8000RU routers running firmware 7.1cu.643_b20200521 or earlier; assess network exposure of management interfaces on ports 80/443. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-31673 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy