CVE 9.3 CRITICAL

Totolink A8000RU CGI cstecgi.cgi setUrlFilterRules os command injection_CVE-2026-7203

April 27, 2026 invoker category_cve
9.3 / 10
CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be launched remotely. The exploit has been made public and could be used.

AI Analysis

OS command injection vulnerability in Totolink A8000RU via the setUrlFilterRules function in the /cgi-bin/cstecgi.cgi file

Basic Information

ID CVE-2026-7203
Source VulDB
Published Apr 28, 2026 at 00:00

Affected Product

Vendor Totolink
Product A8000RU
Version 7.1cu.643_b20200521
Affected Versions Totolink A8000RU 7.1cu.643_b20200521

CWE Classification

CWE-78 CWE-77

AI Assessment

AI Score 9.3 / 10
AI Severity Critical
Vendor Totolink
Product A8000RU
Version 7.1cu.643_b20200521

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.