Totolink A8000RU (7.1cu.643_b20200521) has a CRITICAL OS command injection vuln (CVE-2026-9406, CVSS 9.3). Exploit public, no patch yet. Restrict web UI, disable remote mgmt, monitor traffic. https://radar.offseq.com/threat/cve-2026-9406-os-command-injection-in-totolink-a80-bbf9cf37 #OffSeq #vuln #IoTSecurity #CVE20269406