CVE-2026-7152

· NIST NVD ↗

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument telnet_enabled leads to os command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

CRITICAL
CVSS severity
9.8
CVSS base score
2026-04-27
Published

CWE codes

CWE-77CWE-78

Sources