CVE-2026-9435 | Totolink A8000RU 7.1cu.643_b20200521 Web Management Interface /cgi-bin/cstecgi.cgi setQosCfg enable os command injection

Inserito da Angelo Barbosa | Mag 24, 2026 | CVE

A vulnerability, which was classified as critical, has been found in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setQosCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument enable results in os command injection.

This vulnerability is known as CVE-2026-9435. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

CVE-2026-9435 | Totolink A8000RU 7.1cu.643_b20200521 Web Management Interface /cgi-bin/cstecgi.cgi setQosCfg enable os command injection

Post correlati

CVE-2024-8752 | Smart HMI WebIQ 2.15.19 path traversal

CVE-2024-20392 | Cisco Secure Email Gateway HTTP response splitting (cisco-sa-esa-http-split-GLrnnOwS)

CVE-2026-28130 | AndonDesign UDesign Plugin up to 4.14.0 on WordPress cross site scripting (EUVD-2026-9782)

CVE-2025-4395 | Medtronic MyCareLink Patient Monitor 24952 empty password in configuration file