CVE-2026-9436 | Totolink A8000RU 7.1cu.643_b20200521 Web Management Interface /cgi-bin/cstecgi.cgi setL2tpServerCfg enable os command injection

Inserito da Angelo Barbosa | Mag 24, 2026 | CVE

A vulnerability, which was classified as critical, was found in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection.

This vulnerability is handled as CVE-2026-9436. The attack can be executed remotely. Additionally, an exploit exists.

CVE-2026-9436 | Totolink A8000RU 7.1cu.643_b20200521 Web Management Interface /cgi-bin/cstecgi.cgi setL2tpServerCfg enable os command injection

Post correlati

CVE-2024-24921 | Siemens Simcenter Femap prior 2401.0000 Catia Model File memory corruption (ssa-000072)

CVE-2024-30051 | Microsoft Windows up to Server 2022 DWM Core Library heap-based overflow

CVE-2025-11122 | Tenda AC18 15.03.05.19 /goform/WizardHandle WANT/mtuvalue stack-based overflow

CVE-2024-54792 | SpagoBI 3.5.1 Administration Panel cross-site request forgery