
CVE-2026-7243 -- CVSS 9.8 Vulnerability Briefing

CVE-2026-7243 | CVSS 9.8 (Critical) | Exploit: No known exploit

What Is It

CVE-2026-7243 is a critical-severity input manipulation vulnerability affecting the setRadvdCfg function within the CGI handler component (/cgi-bin/cstecgi.cgi) of the Totolink A8000RU router running firmware version 7.1cu.643_b20200521.

Technical Detail

The flaw resides in insufficient input validation within the setRadvdCfg function of the device's CGI-based web management interface, which processes router advertisement daemon configuration requests. An attacker who can reach the CGI endpoint can supply crafted input to manipulate the function's behavior, with the likely outcome being remote code execution or command injection at the operating system level, consistent with similar vulnerabilities in this class of embedded router firmware. Given the CVSS score of 9.8, the vulnerability is assessed as network-exploitable, requiring no authentication and no user interaction, which places it in the highest risk tier for network-exposed devices.

Exploitation Status

No known exploit code has been publicly identified at this time, and this CVE is not currently listed in CISA's Known Exploited Vulnerabilities catalog. The exploit maturity is assessed as no known exploit as of May 5, 2026. However, the attack surface is straightforward and the vulnerability class is well understood, meaning the barrier to developing functional exploit code is relatively low.

Who Is Targeting This

No specific threat actor attribution at this time. No campaigns or targeted sectors have been associated with this vulnerability in available intelligence. Consumer and small business routers of this type are frequently targeted opportunistically by botnet operators and initial access brokers, but no confirmed activity tied to this CVE has been observed.

What To Do

Organizations and individuals operating the Totolink A8000RU on firmware version 7.1cu.643_b20200521 should check immediately for an updated firmware release from Totolink and apply it as a priority given the critical CVSS rating. If no patch is available, the management interface should be restricted from internet exposure by placing it behind a firewall or disabling remote management entirely. Network monitoring should be configured to flag unexpected outbound connections or anomalous HTTP POST requests to /cgi-bin/cstecgi.cgi. Given that this device is end-user grade hardware, replacement with a supported and actively maintained device should be considered if the vendor does not issue a timely patch.
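One way to implement the monitoring check described above, as an added example that is not part of the original briefing or any vendor tooling. It assumes a network sensor that emits one JSON record per HTTP request with `src`, `method`, `uri` and `body` fields, and a hypothetical management host at 192.168.0.10; the sample records are constructed.

```python
import ipaddress
import json
from urllib.parse import urlsplit

CGI_PATH = "/cgi-bin/cstecgi.cgi"   # endpoint named in the briefing
HANDLER = "setRadvdCfg"             # affected function named in the briefing
# Assumption: the only host allowed to administer the router.
MGMT_NETS = [ipaddress.ip_network("192.168.0.10/32")]

# Constructed records in an assumed JSON-lines sensor format.
SAMPLE_LOG = "\n".join([
    '{"src":"192.168.0.10","method":"POST","uri":"/cgi-bin/cstecgi.cgi","body":"request naming setRadvdCfg"}',
    '{"src":"192.168.0.77","method":"POST","uri":"/cgi-bin/cstecgi.cgi","body":"request naming another handler"}',
    '{"src":"203.0.113.9","method":"post","uri":"/cgi-bin/cstecgi.cgi?x=1","body":"request naming setRadvdCfg"}',
    '{"src":"192.168.0.77","method":"GET","uri":"/index.html","body":""}',
    'truncated line {',
])

def is_mgmt(src):
    """True when src parses as an IP inside an allowed management network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in MGMT_NETS)

def triage(log_text):
    """Return (alerts, skipped): alerts are (severity, src, reason) tuples."""
    alerts, skipped = [], 0
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
            method, uri = rec["method"].upper(), rec["uri"]
            src, body = rec["src"], str(rec.get("body") or "")
        except (ValueError, KeyError, AttributeError, TypeError):
            skipped += 1          # malformed record: count it, keep going
            continue
        if method != "POST" or urlsplit(uri).path != CGI_PATH:
            continue              # not a POST to the CGI handler
        names_handler = HANDLER in body
        if is_mgmt(src) and not names_handler:
            continue              # routine admin traffic from an allowed host
        if not is_mgmt(src):
            sev = "high" if names_handler else "medium"
            alerts.append((sev, src, "POST to CGI from non-management source"))
        else:
            alerts.append(("low", src, "setRadvdCfg change from management host"))
    return alerts, skipped
```

A non-zero `skipped` count is worth tracking in its own right, since records the sensor could not serialize cleanly are records this check never evaluated.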
