CVE-2026-7823
Command Injection in Totolink A8000RU
Publication date: 2026-05-05
Last updated on: 2026-05-05
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| totolink | a8000ru | 7.1cu.643_b20200521 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a security flaw found in the Totolink A8000RU router firmware version 7.1cu.643_b20200521. It exists in the function setAppFilterCfg within the file /cgi-bin/cstecgi.cgi. The flaw allows an attacker to manipulate the 'enable' argument, which leads to operating system command injection. This means an attacker can remotely execute arbitrary commands on the device.
How can this vulnerability impact me? :
The vulnerability can have severe impacts because it allows remote attackers to execute arbitrary operating system commands without any authentication or user interaction. This can lead to full compromise of the affected device, including unauthorized access, data theft, disruption of services, or using the device as a foothold for further attacks.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows remote attackers to execute arbitrary OS commands on the affected Totolink A8000RU router due to improper input validation in the setAppFilterCfg function. This can lead to unauthorized access, data manipulation, or disruption of services.
Such unauthorized access and potential data breaches could impact compliance with standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data. Exploitation of this vulnerability may result in exposure or compromise of protected information, thereby violating these regulatory requirements.
However, the provided information does not explicitly detail the direct compliance impact or specific regulatory consequences.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a crafted HTTP POST request to the vulnerable router targeting the /cgi-bin/cstecgi.cgi endpoint with a malicious 'enable' parameter to test for command injection.
For example, a test command could be to send a POST request with 'enable=ls>./setAppFilterCfg.txt' which attempts to create a file containing directory listings on the device, confirming the vulnerability if the file is created.
A sample curl command to test this might be:
- curl -X POST http://[router_ip]/cgi-bin/cstecgi.cgi -d "enable=ls>./setAppFilterCfg.txt"
After running the command, checking the router's filesystem for the presence of the 'setAppFilterCfg.txt' file would indicate successful command injection.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting remote access to the affected router, especially blocking access to the /cgi-bin/cstecgi.cgi endpoint from untrusted networks.
Additionally, disabling any unnecessary remote management features and monitoring network traffic for suspicious POST requests targeting the vulnerable function can help reduce risk.
Applying any available firmware updates or patches from the vendor that address this vulnerability is strongly recommended once they become available.