CVE

CVE-2026-7244

0field notes · 1digest CVSS 9.8

Daily digests

A remote attacker can inject OS commands into the Totolink A8000RU router through the setWiFiEasyGuestCfg function via the 'merge' parameter. No auth appears to be required, the exploit is public, and CVSS is 9.8. That means full device compromise from anywhere that can reach the management interface.

Daily Digest · Apr 28, 2026
5 router RCEs with public exploits, all CVSS 9.8

CVE-2026-7244

5 router RCEs with public exploits, all CVSS 9.8