CVE-2026-7139

CRITICAL CVSS 9.8 View on NVD ↗

Description

A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mode causes os command injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

https://github.com/Litengzheng/vuldb_new2/blob/main/A8000RU/vul_314/README.md
https://vuldb.com/submit/801106
https://vuldb.com/vuln/359738
https://vuldb.com/vuln/359738/cti
https://www.totolink.net/

Published: Apr 27, 2026 17:16 UTC Modified: Apr 27, 2026 18:35 UTC