[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-9436":6},{"stargazers_count":4,"fetched_at":5},6,"2026-05-25T13:20:33.116Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":75,"aliases":85,"duplicate_of":9,"upstream":86,"downstream":87,"duplicates":88,"related":89,"reserved_at":9,"published_at":90,"modified_at":90,"state":91,"summary":92,"references_raw":98,"kevs":130,"epss":9,"epss_history":131,"metrics":132,"affected":144},"CVE-2026-9436","A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used.",null,[11,40],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-78","Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-108","Command Line Execution through SQL Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-15","Command Delimiters",[],{"id":29,"name":30,"techniques":31},"CAPEC-43","Exploiting Multiple Input Interpretation Layers",[],{"id":33,"name":34,"techniques":35},"CAPEC-6","Argument Injection",[],{"id":37,"name":38,"techniques":39},"CAPEC-88","OS Command Injection",[],{"_key":41,"id":41,"name":42,"description":43,"type":15,"status":44,"abstraction":45,"likelihood_of_exploit":18,"capec":46},"CWE-77","Improper Neutralization of Special Elements used in a Command ('Command Injection')","The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.","Draft","Class",[47,51,53,57,61,65,67,71],{"id":48,"name":49,"techniques":50},"CAPEC-136","LDAP Injection",[],{"id":25,"name":26,"techniques":52},[],{"id":54,"name":55,"techniques":56},"CAPEC-183","IMAP/SMTP Command Injection",[],{"id":58,"name":59,"techniques":60},"CAPEC-248","Command Injection",[],{"id":62,"name":63,"techniques":64},"CAPEC-40","Manipulating Writeable Terminal Devices",[],{"id":29,"name":30,"techniques":66},[],{"id":68,"name":69,"techniques":70},"CAPEC-75","Manipulating Writeable Configuration Files",[],{"id":72,"name":73,"techniques":74},"CAPEC-76","Manipulating Web Input to File System Calls",[],[76],{"_key":77,"name":78,"source":79,"url":80,"maturity":81,"reliability_score":82,"verified":83,"type":9,"platforms":84,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_LITENGZHENG_VULDB_NEW2","Vuldb New2","github","https://github.com/Litengzheng/vuldb_new2/blob/main/A8000RU/vul_305/README.md","poc",0.3,false,[],[],[],[],[],[],"2026-05-25T07:00:25.325Z","PUBLISHED",{"cisa_kev":83,"cisa_ransomware":83,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":93,"severity_score":94,"severity_version":95,"severity_source":96,"severity_vector":97,"severity_status":91},"high",10,"v2.0","cve.org","AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",[99,105,111,116,120,125],{"url":100,"sources":101,"tags":102},"https://vuldb.com/vuln/365417",[96],[103,104],"VDB Entry","Technical Description",{"url":106,"sources":107,"tags":108},"https://vuldb.com/vuln/365417/cti",[96],[109,110],"Signature","Permissions Required",{"url":112,"sources":113,"tags":114},"https://vuldb.com/submit/813909",[96],[115],"Third Party Advisory",{"url":117,"sources":118,"tags":119},"https://vuldb.com/submit/813461",[96],[115],{"url":121,"sources":122,"tags":123},"https://github.com/Litengzheng/vuldb_new2/blob/main/A8000RU/vul_357/README.md",[96],[124],"Exploit",{"url":126,"sources":127,"tags":128},"https://www.totolink.net/",[96],[129],"Product",[],[],[133],{"source":96,"cvss_v2_0":134,"cvss_v3_0":135,"cvss_v3_1":139,"cvss_v4_0":141},{"baseScore":94,"baseSeverity":9,"vectorString":97,"impactScore":94,"exploitabilityScore":94},{"baseScore":136,"baseSeverity":137,"vectorString":138,"impactScore":136,"exploitabilityScore":94},9.8,"CRITICAL","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",{"baseScore":136,"baseSeverity":137,"vectorString":140,"impactScore":136,"exploitabilityScore":94},"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",{"baseScore":142,"baseSeverity":137,"vectorString":143,"impactScore":9,"exploitabilityScore":9},9.3,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",[145],{"ecosystem":9,"name":146,"vendor":147,"product":148,"cpe_part":149,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":150},"A8000RU","totolink","a8000ru","a",[151],{"version":152,"is_range":83,"range_type":96,"version_start":152,"version_start_type":153,"version_end":152,"version_end_type":153,"fixed_in":9},"7.1cu.643_b20200521","including"]