CVE-2026-9543
9.8 CRITICAL
A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305
Published: 2026-05-26 · Last updated: 2026-05-26
Severity and scoring
- CVSS: 9.8 CRITICAL
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE: CWE-77, CWE-78
Description
A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Manipulation of the argument admpass leads to OS command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2026-9543
- [Other] https://github.com/A1ester/TOTOLINK-N300RH-Command-Injection
- [Other] https://vuldb.com/submit/815068
- [Other] https://vuldb.com/vuln/365607
- [Other] https://vuldb.com/vuln/365607/cti
- [Other] https://www.totolink.net/
Related CVEs
Same CWE
- CVE-2026-49219 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.5 MEDIUM)
- CVE-2026-42563 — Dulwich is a pure-Python implementation of the Git file formats and protocols
- CVE-2026-0273 — A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrict...
- CVE-2026-6893 — A flaw was found in dracut (8.8 HIGH)
- CVE-2026-46643 — Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page