CVE-2026-7156

CRITICAL NVD

CVSS Score 9.8

Severity CRITICAL

Published Apr 27, 2026

Vendor unknown

Description

A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument HTTP results in os command injection. The attack may be launched remotely. The exploit is now public and may be used.

References

https://github.com/Litengzheng/vuldb_new2/blob/main/A8000RU/vul_320/README.md
https://vuldb.com/submit/801142
https://vuldb.com/vuln/359755
https://vuldb.com/vuln/359755/cti
https://www.totolink.net/