A8000RU 7.1cu.643_b20200521

Totolink A8000RU version 7.1cu.643_b20200521 is vulnerable to remote OS command injection via manipulation of the Comment argument in the setIpQosRules function, allowing unauthenticated attackers to execute arbitrary commands on the device.

Totolink A8000RU version 7.1cu.643_b20200521 is vulnerable to remote command injection via the setOpenVpnCfg function, allowing unauthenticated attackers to execute arbitrary commands on the device.

Totolink A8000RU version 7.1cu.643_b20200521 is vulnerable to command injection via the setStaticDhcpRules function in the /cgi-bin/cstecgi.cgi file, allowing remote attackers to execute arbitrary OS commands by manipulating the 'enable' argument, and a public exploit is available.

CVE-2026-7240 is a critical OS command injection vulnerability in the Totolink A8000RU router that allows remote attackers to execute arbitrary commands by manipulating the 'User' argument in the 'setVpnAccountCfg' function.

A remote OS command injection vulnerability exists in the Totolink A8000RU router version 7.1cu.643_b20200521, allowing attackers to execute arbitrary commands by manipulating the 'tty_server' argument in the 'setAdvancedInfoShow' function.

A remote OS command injection vulnerability exists in Totolink A8000RU version 7.1cu.643_b20200521 via manipulation of the 'proto' argument in the /cgi-bin/cstecgi.cgi CGI handler, potentially leading to complete system compromise.