Skip to content
CVSS 9.8 · CRITICAL

CVE-2026-7155

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument admpass leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

View on NVD

Analysis

This vulnerability affects the firmware of a specific Totolink router model and allows for remote OS command injection. It is recommended to skip because it targets niche consumer hardware rather than the software development stacks or core infrastructure used by the community.

Severity

Score: 9.8(CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-77CWE-78

EPSS

Probability of exploitation (next 30 days): 0.0125 (1.3%)
Percentile: 79.5%
EPSS: 2026-05-06

Technical description

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument admpass leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

Published: 4/27/2026, 9:16:43 PM
Last modified: 4/28/2026, 8:24:58 PM

References

HomeEventsBlogResourcesTeam