top of page
perceptive_background_267k.jpg

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of …

Published:

26 april 2026 om 22:00:00

Alert date:

27 april 2026 om 17:03:10

Source:

nvd.nist.gov

Click to open the original link from this advisory

Network Infrastructure, Mobile & IoT

A critical security vulnerability (CVE-2026-7137) has been identified in Totolink A8000RU router firmware version 7.1cu.643_b20200521. The vulnerability exists in the setStorageCfg function within the /cgi-bin/cstecgi.cgi file of the CGI Handler component. Attackers can exploit this flaw by manipulating the sambaEnabled argument to achieve OS command injection. The vulnerability allows for remote exploitation and poses significant security risks. Public exploits have been disclosed and are available for use, making this a high-priority security concern for affected devices.

Technical details

Mitigation steps:

Affected products:

Totolink A8000RU

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-7137
https://github.com/Litengzheng/vuldb_new2/blob/main/A8000RU/vul_312/README.md
https://vuldb.com/submit/801008
https://vuldb.com/vuln/359736
https://vuldb.com/vuln/359736/cti
https://www.totolink.net/

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page