Skip to content
CVSS 9.8 · CRITICAL

CVE-2026-7823

A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

Ver en NVD

Análisis

This vulnerability affects the firmware of a specific Totolink router model. It is not relevant to the MexicoDev community because it targets obscure consumer hardware rather than the software development tools, Linux servers, or cloud infrastructure used by the community.

Severidad

Puntaje: 9.8(CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE): CWE-77CWE-78

EPSS

Probabilidad de explotación (próx. 30 días): 0.0089 (0.9%)
Percentil: 75.6%
EPSS: 2026-05-06

Descripción técnica

A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

Publicada: 5/5/2026, 5:16:01
Última modificación: 5/5/2026, 19:08:20

Referencias

InicioEventosBlogRecursosEquipo