CVE-2026-9436

CRITICAL

A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used.

CVSS v3.1 Score

9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Complexity
LOW
Privileges
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Published: 5/25/2026Modified: 5/26/2026

Related Intelligence (1)

CRITICALVulnerability

NVD CRITICAL: CVE-2026-9436 — A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. The impacted elem...

A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used.

CVE-2026-9436
NIST NVD

References (6)

https://github.com/Litengzheng/vuldb_new2/blob/main/A8000RU/vul_357/README.mdhttps://vuldb.com/submit/813461https://vuldb.com/submit/813909https://vuldb.com/vuln/365417https://vuldb.com/vuln/365417/ctihttps://www.totolink.net/