CVE-2026-9456
CriticalSummary
A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521, affecting the function setOpenVpnCfg in the file /cgi-bin/cstecgi.cgi of the Web Management Interface. Manipulation of the 'enabled' argument leads to OS command injection.
Risk Assessment
An attacker can remotely exploit this vulnerability, posing a serious security risk to the system. The public availability of the exploit increases the likelihood of attacks.
Recommendation
It is recommended to immediately update the software to the latest version to eliminate this vulnerability. Additionally, monitor systems for unauthorized activities.
Original NVD description (English source)
A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument enabled results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used.

