9 vulnerabilities across 1 products scored HIGH or above on May 24, 2026.
- HIGH: 9
[HIGH] totolink/a8000ru
9 CVEs | CVSS 9.3 | AAS 8.4
Totolink A8000RU firmware version 7.1cu.643_b20200521 is affected by nine vulnerabilities, including multiple remote code execution flaws with a maximum CVSS score of 9.3. The primary issue involves an unauthenticated OS command injection vulnerability in the web management interface (/cgi-bin/cstecgi.cgi) for which public exploits exist. Organizations operating these devices should apply vendor updates immediately and restrict access to the management interface to trusted networks only.
- CVE-2026-9384 (CVSS 9.3)
- CVE-2026-9407 (CVSS 9.3)
- CVE-2026-9386 (CVSS 9.3)
- CVE-2026-9385 (CVSS 9.3)
- CVE-2026-9406 (CVSS 9.3)
- CVE-2026-9405 (CVSS 9.3)
- CVE-2026-9388 (CVSS 9.3)
- CVE-2026-9387 (CVSS 9.3)
- CVE-2026-9404 (CVSS 9.3)