NVD CRITICAL: CVE-2026-9387 — A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The...

Sunday, May 24, 2026 at 03:16 PM UTC·Source: NIST NVD

Updated: Tuesday, May 26, 2026 at 02:00 PM UTC

Executive Summary

A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument resetFlags results in os command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for

Analysis

Indicators of Compromise (1)

CVE (1)

CVE-2026-9387

NVD MITRE CVE

Source Attribution

Originally published by NIST NVD on May 24, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerabilityNEW

Juspay joins Mastercard Engage network

Juspay, a leading global payments technology company, today announced that it has joined the Mastercard Engage partner network as a certified third-party partner for Mastercard Click to Pay.

Just nowFinextra

MEDIUMVulnerabilityNEW

Ripple brings RLUSD stablecoin to Turkey

Ripple, the leading provider of blockchain-based enterprise solutions across traditional and digital finance, today announced that its enterprise-grade, USD-backed stablecoin Ripple USD (RLUSD) is now available to institutions in Türkiye through three new partnerships with BiLira, Bitexen and Bitlo.

Just nowFinextra

MEDIUMVulnerabilityNEW

PayAngel taps Currencycloud to strengthen multicurrency accounts and payouts

PayAngel, a cross-border payments platform built by migrants and shaped by a lived understanding of the migrant journey, today announced an expanded collaboration with Visa, a world leader in digital payments.

Just nowFinextra