CVE Catalog

CVE-2026-9405

Critical
Published: Translated: NVD NIST

Summary

A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521 in the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi of the Web Management Interface. Manipulating the argument enable results in os command injection.

Risk Assessment

Remote exploitation of this vulnerability is possible, posing a serious security threat to the system. A publicly available exploit may be used for attacks.

Recommendation

It is recommended to update the software to the latest version to eliminate this vulnerability. Additionally, monitor systems for unauthorized activities.

Original NVD description (English source)

A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument enable results in os command injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS