Totolink A8000RU Critical Command Injection (CVE-2026-7139)

A critical vulnerability, CVE-2026-7139, has been identified in Totolink A8000RU firmware version 7.1cu.643_b20200521. The flaw lies in the setWiFiAclRules function of the CGI handler /cgi-bin/cstecgi.cgi and allows remote operating system command injection. It stems from improper handling of the mode argument, which is passed into a command without being neutralized.

The National Vulnerability Database (NVD) has assigned a CVSS score of 9.8 (Critical) to this issue, underscoring its severe impact. The root causes are categorized under CWE-77 (Improper Neutralization of Special Elements used in a Command) and CWE-78 (Improper Neutralization of Special Elements used in an OS Command). Attackers can exploit this remotely, and proof-of-concept exploit code has already been published, increasing the immediacy of the threat.

This is a classic command injection scenario, allowing unauthenticated attackers to execute arbitrary commands on the affected router. Given that these devices often sit at the network edge, a successful exploit grants attackers a foothold, potentially leading to network compromise, data exfiltration, or further internal pivoting. The widespread nature of vulnerable IoT devices makes this a significant concern for both home users and small to medium-sized businesses relying on such hardware.

What This Means For You

  • If your organization or home network uses a Totolink A8000RU router, especially the affected 7.1cu.643_b20200521 firmware, you are directly exposed to remote command injection via CVE-2026-7139. Immediately check your device's firmware version. If vulnerable, isolate the device, disable remote access, and seek vendor updates. This isn't theoretical; published exploits mean active attacks are highly probable.
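As an added example (not code from the advisory, NVD or Totolink), the following heuristic flags request-log lines that target setWiFiAclRules with a mode value containing shell metacharacters; it assumes a constructed log format that records the decoded POST body as JSON, and assumes the body names the CGI function in a "topicurl" field, which the advisory does not state.

```python
# Added detection example (not the advisory's or Totolink's code). Assumed,
# constructed log format: "<ts> <ip> <method> <path> body=<decoded JSON body>";
# the "topicurl" field naming the CGI function is an assumption, not from the page.
import json
import re

CGI_PATH = "/cgi-bin/cstecgi.cgi"
TARGET_FUNCTION = "setWiFiAclRules"
SUSPECT_PARAM = "mode"
# Characters that let a value break out of a shell command line.
SHELL_META = re.compile(r"[;&|`$(){}<>\\\n\r]")
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) body=(?P<body>.*)$")

def parse_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["body"] = json.loads(rec["body"])  # decoded body; None if not JSON
    except json.JSONDecodeError:
        rec["body"] = None
    return rec

def classify(line):
    """Return (verdict, reason) with verdict in {'alert', 'suspicious', 'ignore'}."""
    rec = parse_line(line)
    if rec is None or rec["path"].split("?", 1)[0] != CGI_PATH:
        return "ignore", "not a cstecgi.cgi request"
    body = rec["body"]
    if not isinstance(body, dict):
        return "suspicious", "cstecgi.cgi request with a body that is not JSON"
    if body.get("topicurl") != TARGET_FUNCTION:
        return "ignore", "other CGI function: %r" % body.get("topicurl")
    mode = str(body.get(SUSPECT_PARAM, ""))
    if SHELL_META.search(mode):
        return "alert", "shell metacharacter in %s=%r" % (SUSPECT_PARAM, mode)
    # Assumption: a legitimate mode value is a short token (letters, digits, _ or -).
    if not re.fullmatch(r"[A-Za-z0-9_-]{0,16}", mode):
        return "suspicious", "unexpected %s value %r" % (SUSPECT_PARAM, mode)
    return "ignore", "setWiFiAclRules call with a plain mode value"

# Constructed sample lines (not real traffic); scan_log keeps the ones needing review.
SAMPLE_LOG = [
    '2026-04-28T10:00:01Z 192.0.2.10 POST /cgi-bin/cstecgi.cgi body={"topicurl":"setWiFiAclRules","mode":"1"}',
    '2026-04-28T10:00:02Z 198.51.100.7 POST /cgi-bin/cstecgi.cgi body={"topicurl":"setWiFiAclRules","mode":"1;id"}',
    '2026-04-28T10:00:04Z 198.51.100.7 POST /cgi-bin/cstecgi.cgi body=<not json>',
]

def scan_log(lines):
    return [(l, v, r) for l in lines for v, r in [classify(l)] if v != "ignore"]
```

Run it against a proxy or IDS export that preserves request bodies; on the samples above it reports the metacharacter line as an alert and the non-JSON body as suspicious.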

Indicators of Compromise

ID              Type           Indicator
CVE-2026-7139   Vulnerability  CVE-2026-7139
Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: April 27, 2026 at 20:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
