Skip to content
CVSS 9.8 · CRITICAL

CVE-2026-7823

A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

View on NVD

Analysis

This vulnerability affects the firmware of a specific Totolink router model. It is not relevant to the MexicoDev community because it targets obscure consumer hardware rather than the software development tools, Linux servers, or cloud infrastructure used by the community.

Severity

Score: 9.8(CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-77CWE-78

EPSS

Probability of exploitation (next 30 days): 0.0089 (0.9%)
Percentile: 75.6%
EPSS: 2026-05-06

Technical description

A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

Published: 5/5/2026, 5:16:01 AM
Last modified: 5/5/2026, 7:08:20 PM

References

HomeEventsBlogResourcesTeam