CVE-2026-7121

CRITICAL CVSS 9.8 View on NVD ↗

Description

A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument wizard causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

https://github.com/Litengzheng/vuldb_new2/blob/main/A8000RU/vul_306/README.md
https://vuldb.com/submit/800933
https://vuldb.com/vuln/359720
https://vuldb.com/vuln/359720/cti
https://www.totolink.net/

Published: Apr 27, 2026 12:16 UTC Modified: Apr 27, 2026 18:36 UTC