CVE

CVE-2026-7242

0field notes · 1digest CVSS 9.8

Daily digests

Yet another remote command injection in the Totolink A8000RU, this time through the setOpenVpnClientCfg function's 'enabled' parameter. Public exploit, CVSS 9.8. If you're seeing a pattern here, you're right: this firmware version is riddled with unsanitized CGI inputs.

Daily Digest · Apr 28, 2026
5 router RCEs with public exploits, all CVSS 9.8

CVE-2026-7242

5 router RCEs with public exploits, all CVSS 9.8