NVD CRITICAL: CVE-2026-9404 — A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This aff...

Sunday, May 24, 2026 at 11:16 PM UTC·Source: NIST NVD

Updated: Tuesday, May 26, 2026 at 02:00 PM UTC

Executive Summary

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. The exploit is publicly available and might be used.

Analysis

Indicators of Compromise (1)

CVE (1)

CVE-2026-9404

NVD MITRE CVE

Source Attribution

Originally published by NIST NVD on May 24, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerabilityNEW

PayWallet expands payout capabilities with TerraPay integration

TerraPay, a global money movement company, has partnered with PalWallet, a fintech infrastructure provider focused on stablecoin settlement, global payments infrastructure and embedded financial services, to help businesses move money across borders faster and more efficiently.

Just nowFinextra

MEDIUMVulnerabilityNEW

UK Payments Initiative launches to challenge Visa and Mastercard stranglehold

The UK Payments Initiative, a new company formed with the backing of the UK's biggest banks, has gone live, with the aim of undermining the dominance of US card networks in payments.

41m agoFinextra

MEDIUMVulnerabilityNEW

Meta AI Hands Over High-Profile Instagram Accounts to Hackers

Exploiting a confused deputy weakness, the hackers simply asked the chatbot to link the account to a new email address. The post Meta AI Hands Over High-Profile Instagram Accounts to Hackers appeared first on SecurityWeek .

43m agoSecurityWeek