CVE-2026-5676

HIGH 7.3

Totolink A8000R cstecgi.cgi setLanguageCfg missing authentication

CVSS Score

7.3

EPSS Score

0.1%

EPSS Percentile

23th

A vulnerability was identified in Totolink A8000R 5.9c.681_B20180413. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument langType leads to missing authentication. The attack can be launched remotely. The exploit is publicly available and might be used.

CWE	CWE-306 CWE-287
Vendor	totolink
Product	a8000r
Published	Apr 6, 2026
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for totolink a8000r

Be the first to know when new high vulnerabilities affecting totolink a8000r are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Totolink / A8000R

5.9c.681_B20180413

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/355503 vuldb.com: https://vuldb.com/vuln/355503/cti vuldb.com: https://vuldb.com/submit/792433 github.com: https://github.com/skeetabc/CVE-TOTOLINK-A800R/blob/main/vuln1_auth_bypass.md totolink.net: https://www.totolink.net/

Credits

🔍 skeet (VulDB User)