CRITICALVulnerability
Verified
Global

NVD CRITICAL: CVE-2026-9386 — A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. Impacted...

·Source: NIST NVD

Updated:

Executive Summary

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument lang leads to os command injection. The attack may be performed from remote. The exploit is publicly available and might be used.

Analysis

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument lang leads to os command injection. The attack may be performed from remote. The exploit is publicly available and might be used. CVSS Score: 9.8. Published: 2026-05-24T15:16:28.377.

Indicators of Compromise (1)

CVE (1)
CVE-2026-9386
NVDMITRE CVE
Source Attribution

Originally published by NIST NVD on May 24, 2026. Verified by: NIST.

Related Threats

LOWVulnerability

WP Maps Pro bug exploited to create admin accounts on WordPress sites

Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator accounts without authentication. [...]

BleepingComputer
MEDIUMVulnerability

Click Or Trick (CVE-2025-59199): Escaping the Sandbox with Windows URIs

[object Object]

CVE-2025-59199
r/blueteamsec
MEDIUMVulnerability

Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks

Palo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks. [...]

CVE-2026-0257
BleepingComputer