CVE-2026-7122

Daily digests

An attacker can inject OS commands remotely through the UPnP configuration handler on Totolink A8000RU routers running firmware 7.1cu.643_b20200521. No authentication is needed, and a public exploit already exists. CVSS 9.8, so this is full remote takeover of the device.

• Daily Digest · Apr 27, 2026

  5 CVSS 9.8s: Apache MINA, WordPress, Totolink