CVE-2026-5676

HIGH WAF: Low

CVSS 7.3 Published: 2026-04-06

CWE-287

A vulnerability was identified in Totolink A8000R 5.9c.681_B20180413. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument langType leads to missing authentication. The attack can be launched remotely. The exploit is publicly available and might be used.

WAF Coverage Analysis

Improper Authentication Low WAF Coverage

OWASP: A07:2021 Identification and Authentication Failures

References

github.com
vuldb.com
vuldb.com
vuldb.com
www.totolink.net

Back to CVE Database