1 vulnerabilities scored HIGH or above on May 24, 2026.
- HIGH: 1
[HIGH] totolink/a8000ru
CVE-2026-9386 | CVSS 9.3
Totolink A8000RU router users running firmware version 7.1cu.643_b20200521 should prioritize patching a remote OS command injection vulnerability (CVE-2026-9386, CVSS 9.3) in the web management interface. An attacker can exploit the setLanguageCfg function via the lang parameter in /cgi-bin/cstecgi.cgi to execute arbitrary commands without authentication, and public exploit code is available. Organizations using these devices should immediately update to the latest firmware version or restrict network access to the management interface until a patch is deployed.