CVE-2026-7152 · CRITICAL 9.8 · EPSS p75.2%


Description

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. It affects the function setTelnetCfg in the file /cgi-bin/cstecgi.cgi of the CGI Handler component. Manipulating the argument telnet_enabled leads to OS command injection. The attack can be launched remotely. The exploit is publicly available and might be used.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.77% probability of exploitation · percentile 75.2% · 2026-06-19T12:03:05Z
Published: 2026-04-27
Last modified: 2026-04-27

Underlying weaknesses · 2

CWE-77, CWE-78

References

  1. https://github.com/Litengzheng/vuldb_new2/blob/main/A8000RU/vul_316/README.md
  2. https://vuldb.com/submit/801138
  3. https://vuldb.com/vuln/359751
  4. https://vuldb.com/vuln/359751/cti
  5. https://www.totolink.net/


Type | Target | Confidence | Tier
Weakness | Improper Neutralization of Special Elements used in a Command ('Command Injection') (cwe-77) | 0% | live
Weakness | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (cwe-78) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-7154
  2. CVE-2026-7156
  3. CVE-2026-7122
  4. CVE-2026-7203
  5. CVE-2026-7140
  6. CVE-2026-7121

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.