{"uuid": "244d459a-5c1e-4756-ad9a-9b31188bc300", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-7538", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116497083785915898", "content": "\ud83d\udea8 CVE-2026-7538 (CRITICAL, CVSS 9.3): Totolink A8000RU 7.1cu.643_b20200521 OS command injection in CGI handler allows unauthenticated remote code execution. No patch \u2014 restrict access & monitor vendor updates. https://radar.offseq.com/threat/cve-2026-7538-os-command-injection-in-totolink-a80-28438d15 #OffSeq #CVE20267538 #IoTSecurity #Vuln", "creation_timestamp": "2026-05-01T03:00:32.497123Z"}