{"vulnerability": "cve-2026-9436", "sightings": [{"uuid": "6a6e023c-f763-490a-a86a-817b835d03a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-9436", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116634394602750284", "content": "\ud83d\udd34 CRITICAL: Totolink A8000RU (7.1cu.643_b20200521) has an unauthenticated OS command injection bug (CVE-2026-9436). Exploit released, no patch yet. Restrict web management access and monitor closely. https://radar.offseq.com/threat/cve-2026-9436-os-command-injection-in-totolink-a80-126727b4 #OffSeq #Vulnerability #Security #Router", "creation_timestamp": "2026-05-25T09:00:25.690588Z"}, {"uuid": "b422cca6-c926-42f5-8bb8-c818d5d88a31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-9436", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mmo4i2gcpn2f", "content": "Totolink A8000RU (7.1cu.643_b20200521) faces CRITICAL OS command injection (CVE-2026-9436). Exploit public, patch unavailable. Restrict admin access and monitor activity now. https://radar.offseq.com/threat/cve-2026-9436-os-command-injection-in-totolink-a80-126727b4 #OffSeq #Vulnerability #IoTSec...", "creation_timestamp": "2026-05-25T09:00:27.456018Z"}, {"uuid": "0af2c721-537a-4ceb-9f22-b3fec00670fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-9436", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motytigiy32b", "content": "\ud83d\udea8  ALERT: CVE-2026-9436\n\nCVSS 9.8/10\n\n\ud83d\udccb WHAT IT IS:\nA flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lea", "creation_timestamp": "2026-06-22T04:01:37.453485Z"}]}