CVE

CVE-2026-7241

0field notes · 1digest CVSS 9.8

Daily digests

One more in the batch: remote OS command injection in the Totolink A8000RU through setWiFiBasicCfg via the 'wifiOff' parameter. Public exploit, CVSS 9.8. Combined with the other 3 CVEs hitting this same firmware, the entire CGI handler on this device should be considered untrusted.

Daily Digest · Apr 28, 2026
5 router RCEs with public exploits, all CVSS 9.8

CVE-2026-7241

5 router RCEs with public exploits, all CVSS 9.8