CVE-2026-7139

A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mode causes os command injection. The attack is possible to be carried out remotely. The exp...

critical 9.8 CVSS 3.1

Published: Apr 27, 2026

Modified: Apr 27, 2026

Description

A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mode causes os command injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.

References

https://github.com/Litengzheng/vuldb_new2/blob/main/A8000RU/vul_314/README.md
https://vuldb.com/submit/801106
https://vuldb.com/vuln/359738
https://vuldb.com/vuln/359738/cti
https://www.totolink.net/

Version	3.1
Score	9.8 / 10
Severity	critical