CVE-2026-7823
Deferred Deferred - Pending Action

Command Injection in Totolink A8000RU

Vulnerability report for CVE-2026-7823, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-05

Last updated on: 2026-05-05

Assigner: VulDB

Description

A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-05
Last Modified
2026-05-05
Generated
2026-07-06
AI Q&A
2026-05-05
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
totolink a8000ru 7.1cu.643_b20200521

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a security flaw found in the Totolink A8000RU router firmware version 7.1cu.643_b20200521. It exists in the function setAppFilterCfg within the file /cgi-bin/cstecgi.cgi. The flaw allows an attacker to manipulate the 'enable' argument, which leads to operating system command injection. This means an attacker can remotely execute arbitrary commands on the device.

Impact Analysis

The vulnerability can have severe impacts because it allows remote attackers to execute arbitrary operating system commands without any authentication or user interaction. This can lead to full compromise of the affected device, including unauthorized access, data theft, disruption of services, or using the device as a foothold for further attacks.

Compliance Impact

The vulnerability allows remote attackers to execute arbitrary OS commands on the affected Totolink A8000RU router due to improper input validation in the setAppFilterCfg function. This can lead to unauthorized access, data manipulation, or disruption of services.

Such unauthorized access and potential data breaches could impact compliance with standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data. Exploitation of this vulnerability may result in exposure or compromise of protected information, thereby violating these regulatory requirements.

However, the provided information does not explicitly detail the direct compliance impact or specific regulatory consequences.

Detection Guidance

This vulnerability can be detected by sending a crafted HTTP POST request to the vulnerable router targeting the /cgi-bin/cstecgi.cgi endpoint with a malicious 'enable' parameter to test for command injection.

For example, a test command could be to send a POST request with 'enable=ls>./setAppFilterCfg.txt' which attempts to create a file containing directory listings on the device, confirming the vulnerability if the file is created.

A sample curl command to test this might be:

  • curl -X POST http://[router_ip]/cgi-bin/cstecgi.cgi -d "enable=ls>./setAppFilterCfg.txt"

After running the command, checking the router's filesystem for the presence of the 'setAppFilterCfg.txt' file would indicate successful command injection.

Mitigation Strategies

Immediate mitigation steps include restricting remote access to the affected router, especially blocking access to the /cgi-bin/cstecgi.cgi endpoint from untrusted networks.

Additionally, disabling any unnecessary remote management features and monitoring network traffic for suspicious POST requests targeting the vulnerable function can help reduce risk.

Applying any available firmware updates or patches from the vendor that address this vulnerability is strongly recommended once they become available.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7823. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart