NVD CRITICAL: CVE-2026-9456 — A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is t...

Monday, May 25, 2026 at 01:16 PM UTC·Source: NIST NVD

Updated: Tuesday, May 26, 2026 at 07:00 PM UTC

Executive Summary

A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument enabled results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used.

Analysis

Indicators of Compromise (1)

CVE (1)

CVE-2026-9456

NVD MITRE CVE

Source Attribution

Originally published by NIST NVD on May 25, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerability

Spain arrests doxer leaking sensitive data of govt employees

The Spanish National Police has arrested an individual for leaking sensitive information related to members of various key state organizations, including the National Cybersecurity Institute (INCIBE). [...]

1h agoBleepingComputer

MEDIUMVulnerability

Inspector general finds NIST mistakes have made vulnerability database ineffective

NIST’s National Vulnerability Database (NVD) backlog mushroomed from 13,000 unprocessed security vulnerabilities in February 2024 to more than 27,000 by the end of 2025, “undermining the NVD’s utility and public trust," according to an inspector general report.

2h agoThe Record

MEDIUMVulnerability

Tina Peters, convicted in election-security breach, emerges defiant and vows legal fight

The former Colorado election clerk struck an unrepentant pose in her first interview after her prison sentence was commuted by Colorado Governor Jared Polis. The post Tina Peters, convicted in election-security breach, emerges defiant and vows legal fight appeared first on CyberScoop .

2h agoCyberScoop