CVE-2026-9543

CRITICAL SEVERITY

CVSS Score & Metrics

Base Score

9.8 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H                                    

Vulnerability Description

A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

Vulnerability Details

Published Date

May 26, 2026

Last Modified

May 26, 2026

CWE ID

CWE-77

Source

NVD

External References

https://github.com/A1ester/TOTOLINK-N300RH-Command-Injection
https://vuldb.com/submit/815068
https://vuldb.com/vuln/365607
https://vuldb.com/vuln/365607/cti
https://www.totolink.net/

CVE-2026-9543

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment