CVE-2026-7123

· NIST NVD ↗

A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument setIptvCfg results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used.

CRITICAL
CVSS severity
9.8
CVSS base score
2026-04-27
Published

CWE codes

CWE-77CWE-78

Sources