CVE-2026-7243
OS Command Injection in Totolink A8000RU CGI Handler (Remote
Publication date: 2026-04-28
Last updated on: 2026-04-28
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| totolink | a8000ru | 7.1cu.643_b20200521 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-7243 is a command injection vulnerability in the TOTOLINK A8000RU router, version 7.1cu.643_b20200521. It exists in the CGI Handler component, specifically in the function setRadvdCfg within the /cgi-bin/cstecgi.cgi file.
The vulnerability arises because the maxRtrAdvInterval parameter is not properly sanitized before being passed to system command execution functions. An attacker can supply malicious input to this parameter, which is then executed by the router's operating system.
This allows remote attackers to execute arbitrary OS commands on the device by sending crafted HTTP POST requests to the vulnerable CGI endpoint.
How can this vulnerability impact me?
This vulnerability can have severe impacts because it allows remote attackers to execute arbitrary operating system commands on the affected router without any authentication.
An attacker could use this to take control of the device, manipulate its configuration, disrupt network traffic, or use the device as a foothold to attack other systems on the network.
Since the exploit is publicly available, the risk of exploitation is high, increasing the likelihood of unauthorized access and potential data breaches.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a crafted HTTP POST request to the endpoint /cgi-bin/cstecgi.cgi with the parameter maxRtrAdvInterval set to a command that verifies command execution, such as `ls>./setRadvdCfg.txt`.
If the router is vulnerable, it will execute the injected command and create a file named setRadvdCfg.txt containing the directory listing.
A detection command example using curl would be:
- `curl -X POST http://[router_ip]/cgi-bin/cstecgi.cgi -d "maxRtrAdvInterval=ls>./setRadvdCfg.txt"`
After running the above command, check if the file setRadvdCfg.txt exists on the device or if the response indicates command execution.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in Totolink A8000RU allows remote attackers to execute arbitrary operating system commands on the affected device due to command injection in the setRadvdCfg function. This can lead to unauthorized access, data manipulation, or disruption of services.
Such unauthorized access and potential data breaches can impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data, ensuring confidentiality, integrity, and availability.
If exploited, this vulnerability could result in exposure or alteration of sensitive information, violating these regulations' requirements for data security and potentially leading to legal and financial consequences.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2026-7243 vulnerability in the TOTOLINK A8000RU router, immediate steps include restricting remote access to the affected CGI handler, especially the /cgi-bin/cstecgi.cgi endpoint, to prevent exploitation of the maxRtrAdvInterval parameter.
Additionally, it is advisable to monitor network traffic for suspicious POST requests targeting this endpoint and to apply any available firmware updates or patches from the vendor that address this command injection flaw.
If patches are not yet available, consider disabling the vulnerable service or function temporarily to prevent remote command execution.
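One way to implement the monitoring step above is to flag POST requests to /cgi-bin/cstecgi.cgi whose maxRtrAdvInterval value is not a plain integer. This is an added example, not code from the vendor or the advisory; it assumes request records are available as (method, path, body) tuples from a proxy or packet capture, that the body may be JSON or form-encoded, and that a legitimate interval is a short run of digits.

```python
import json
import re
from urllib.parse import parse_qs

ENDPOINT = "/cgi-bin/cstecgi.cgi"  # endpoint named in the advisory
PARAM = "maxRtrAdvInterval"        # parameter named in the advisory
# Assumption: a legitimate interval is a short decimal integer (seconds).
VALID = re.compile(r"[0-9]{1,5}")


def extract_param(body):
    """Return the parameter value from a JSON or form-encoded body, else None."""
    try:
        doc = json.loads(body)
        if isinstance(doc, dict) and PARAM in doc:
            return str(doc[PARAM])
    except ValueError:
        pass  # not JSON; fall through to form decoding
    values = parse_qs(body, keep_blank_values=True).get(PARAM)
    return values[0] if values else None


def is_suspicious(method, path, body):
    """True for a POST to the CGI handler whose interval is not an integer."""
    if method.upper() != "POST" or path.split("?", 1)[0] != ENDPOINT:
        return False
    value = extract_param(body)
    return value is not None and VALID.fullmatch(value.strip()) is None


def scan(records):
    """Return the indexes of the records that should raise an alert."""
    return [i for i, rec in enumerate(records) if is_suspicious(*rec)]


# Constructed sample records; the non-numeric value is the one quoted above.
SAMPLES = [
    ("POST", ENDPOINT, '{"maxRtrAdvInterval": "600"}'),
    ("POST", ENDPOINT, "maxRtrAdvInterval=ls>./setRadvdCfg.txt"),
    ("POST", ENDPOINT, '{"maxRtrAdvInterval": "ls>./setRadvdCfg.txt"}'),
    ("GET", "/index.html", ""),
    ("POST", ENDPOINT, "maxRtrAdvInterval=30"),
    ("POST", ENDPOINT, '{"other": "value"}'),
]

if __name__ == "__main__":
    for i in scan(SAMPLES):
        print("suspicious request:", SAMPLES[i])
```

Matching on "anything that is not an integer" rather than on a list of shell metacharacters means encoded or unusual separators are flagged as well.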