NVD CRITICAL: CVE-2026-9434 — A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b202005...

Monday, May 25, 2026 at 07:16 AM UTC·Source: NIST NVD

Updated: Tuesday, May 26, 2026 at 02:00 PM UTC

Executive Summary

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setWiFiWpsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument wscDisabled leads to os command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

Analysis

Indicators of Compromise (1)

CVE (1)

CVE-2026-9434

NVD MITRE CVE

Source Attribution

Originally published by NIST NVD on May 25, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerability

Inspector general finds NIST mistakes have made vulnerability database ineffective

NIST’s National Vulnerability Database (NVD) backlog mushroomed from 13,000 unprocessed security vulnerabilities in February 2024 to more than 27,000 by the end of 2025, “undermining the NVD’s utility and public trust," according to an inspector general report.

1h agoThe Record

MEDIUMVulnerability

Tina Peters, convicted in election-security breach, emerges defiant and vows legal fight

The former Colorado election clerk struck an unrepentant pose in her first interview after her prison sentence was commuted by Colorado Governor Jared Polis. The post Tina Peters, convicted in election-security breach, emerges defiant and vows legal fight appeared first on CyberScoop .

2h agoCyberScoop

MEDIUMVulnerability

NSA selects new leads for key cybersecurity posts

David Imbordino, an NSA senior executive who most recently led its cybersecurity directorate in an acting capacity, has been named as its new chief. Bruce Jones, a career NSA technical and operational leader, as the new head of its Cybersecurity Collaboration Center.

3h agoThe Record