NVD CRITICAL: CVE-2026-9432 — A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Thi...

Monday, May 25, 2026 at 07:16 AM UTC·Source: NIST NVD

Updated: Tuesday, May 26, 2026 at 02:00 PM UTC

Executive Summary

A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setWiFiAdvancedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument bgProtection results in os command injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.

Analysis

Indicators of Compromise (1)

CVE (1)

CVE-2026-9432

NVD MITRE CVE

Source Attribution

Originally published by NIST NVD on May 25, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerability

Click Or Trick (CVE-2025-59199): Escaping the Sandbox with Windows URIs

[object Object]

CVE-2025-59199

4h agor/blueteamsec

MEDIUMVulnerability

Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks

Palo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks. [...]

CVE-2026-0257

17h agoBleepingComputer

CRITICALVulnerabilityPOC

Exploit Code Published for Critical Flowise RCE Vulnerability

The one-click vulnerability allows attackers to execute arbitrary code on self-hosted Flowise servers by tricking users into importing a malicious chatflow. The post Exploit Code Published for Critical Flowise RCE Vulnerability appeared first on SecurityWeek .

CVE-2026-40933

19h agoSecurityWeek