CVE-2026-7124
Received Received - Intake
OS Command Injection in Totolink A8000RU CGI Handler

Publication date: 2026-04-27

Last updated on: 2026-04-27

Assigner: VulDB

Description
A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument addrPrefixLen can lead to os command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-27
Last Modified
2026-04-27
Generated
2026-06-16
AI Q&A
2026-04-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7124
EUVD
EUVD-2026-25841
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
totolink a8000ru 7.1cu.643_b20200521
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The CVE-2026-7124 vulnerability affects the TOTOLINK A8000RU router, version 7.1cu.643_b20200521. It is a command injection flaw located in the cstecgi.cgi CGI script, specifically in the function that processes the addrPrefixLen parameter.

An attacker can send a specially crafted HTTP POST request to the /cgi-bin/cstecgi.cgi endpoint with malicious shell commands embedded in the addrPrefixLen parameter. This causes the router to execute arbitrary operating system commands.

For example, an attacker can execute commands like listing directory contents and saving the output to a file on the device, demonstrating the ability to run arbitrary commands remotely.

Impact Analysis

This vulnerability allows remote attackers to execute arbitrary operating system commands on the affected router without any authentication.

  • Attackers can gain unauthorized control over the device.
  • They can manipulate router configurations or disrupt network operations.
  • Sensitive information stored or passing through the router could be exposed or altered.
  • It poses a significant security risk to the network and connected devices.
Detection Guidance

This vulnerability can be detected by sending a crafted HTTP POST request to the endpoint /cgi-bin/cstecgi.cgi with the parameter addrPrefixLen containing a command injection payload.

For example, you can test the vulnerability by sending a POST request with addrPrefixLen set to a command like `ls>./setIpv6LanCfg.txt`. If the router is vulnerable, it will execute the command and create a file named setIpv6LanCfg.txt containing the directory listing.

  • Use curl or a similar tool to send the test POST request: curl -X POST http://<router-ip>/cgi-bin/cstecgi.cgi -d "addrPrefixLen=ls>./setIpv6LanCfg.txt"
  • Check the router's file system for the presence of the file setIpv6LanCfg.txt to confirm command execution.
Compliance Impact

The CVE-2026-7124 vulnerability allows remote attackers to execute arbitrary operating system commands on the affected TOTOLINK A8000RU router. This type of vulnerability can lead to unauthorized access, data manipulation, or data exfiltration, which may compromise the confidentiality, integrity, and availability of sensitive information.

Such security breaches can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require organizations to protect personal and sensitive data against unauthorized access and ensure the security of their IT systems.

Therefore, if exploited, this vulnerability could result in violations of these regulations due to potential data breaches or loss of control over protected information.

Mitigation Strategies

To mitigate the CVE-2026-7124 vulnerability in the TOTOLINK A8000RU router, immediate steps include restricting remote access to the affected CGI interface to prevent exploitation.

Avoid exposing the /cgi-bin/cstecgi.cgi endpoint to untrusted networks or the internet.

Implement network-level controls such as firewall rules to block unauthorized HTTP POST requests targeting the vulnerable function.

Monitor the device for suspicious files or activities, such as unexpected files like setIpv6LanCfg.txt, which may indicate exploitation attempts.

Check for and apply any available firmware updates or patches from the vendor that address this vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7124. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart