Cyber Posture

CVE-2026-7823

Critical

Published: 05 May 2026

Modified: 05 May 2026
KEV Added:
Patch:
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0089 (75.7th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in OS command injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

Mitigating Controls (NIST 800-53 r5) [AI]

prevent: Directly remediates the OS command injection flaw in the setAppFilterCfg function by identifying, reporting, and correcting the vulnerability through patching or code fixes.

prevent: Prevents command injection by requiring sanitization and validation of the untrusted 'enable' argument prior to processing in the cgi-bin script.

prevent: Enforces approved authorizations to block unauthenticated remote access to the vulnerable /cgi-bin/cstecgi.cgi endpoint, preventing exploitation.

Security Summary [AI]

CVE-2026-7823 is an OS command injection vulnerability (CWE-77, CWE-78) in the Totolink A8000RU router running firmware version 7.1cu.643_b20200521. The flaw resides in the setAppFilterCfg function within the /cgi-bin/cstecgi.cgi script, where manipulation of the "enable" argument allows arbitrary command execution. It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), classifying it as critical.

The vulnerability is exploitable remotely by unauthenticated attackers with network access; it requires low attack complexity and no user interaction. Successful exploitation has a high impact on confidentiality, integrity, and availability, and can lead to full router compromise through the execution of arbitrary system commands.

Advisories from VulDB detail the issue and reference a public exploit in a GitHub repository at https://github.com/Litengzheng/vuldb_new2/blob/main/A8000RU/vul_330/README.md, along with CTI tracking. The vendor's site at https://www.totolink.net/ is listed, but no specific patches or mitigations are detailed in the provided references.

The exploit has been publicly released, increasing the risk of real-world attacks against unpatched Totolink A8000RU devices.

Details

CWE(s)

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.004 Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.

Why these techniques?

OS command injection in the router's public web CGI directly enables remote exploitation of a public-facing application (T1190), resulting in arbitrary Unix shell command execution (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

References