Totolink A8000RU Pre-Auth Command Injection Vulnerability (#80106)

Vulnerability Overview Vulnerability ID: #80106 Vulnerability Name: Totolink A8000RU 7.1cu.643_b20200521 Command Injection Description: A pre-authentication OS command injection vulnerability exists in the feature of the Totolink A8000RU 7.1cu.643_b20200521 router. This feature is exposed via the web management interface ( ). The CGI handler retrieves user-controlled input from the HTTP parameter and embeds it into a shell command string executed using , without any sanitization or escaping. Consequently, a remote attacker with network access can inject arbitrary shell commands into the web interface and execute them with root privileges on the device without authentication. This allows for complete control of the router and potentially further control over the connected network. Affected Scope Affected Device: Totolink A8000RU 7.1cu.643_b20200521 Impact Level: High (can lead to complete device control) Remediation Current Status: Accepted Recommended Measures: The vendor should release a firmware update as soon as possible to fix this command injection vulnerability. Users should regularly check and update their router firmware to ensure they are using the latest version. POC Code / Exploit Code No specific POC code or exploit code is provided in the page. Additional Information Source: GitHub Link Submission Time: April 9, 2026, 03:32 PM Review Time: April 26, 2026, 09:13 PM VulDB Entry: 359724 Credits: 20 Community Content The submission was completed by a VulDB community user; VulDB is not responsible for the content or external links. Exercise caution when using the provided information, as it may contain malicious or harmful content. Documents Submission Policy Data Processing CVE Handling Copyright Information 1997-2026 vuldb.com · cc-by-nc-sa

Goal Reached Thanks to every supporter — we hit 100%!

Totolink A8000RU Pre-Auth Command Injection Vulnerability (#80106)