CRITICALCVE-2026-9543Published 2026-05-26Modified 2026-05-26CNA VulDB

CVE-2026-9543: Totolink N300RH Web Management cstecgi.cgi setPasswordCfg os command injection

A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

CVSS v4.0: 9.3
Severity: CRITICAL
Fixed in: —
Affected Products: 1

Affected packages

Totolink / N300RH
6.1c.1353_B20190305

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

References

VDB-365607 | Totolink N300RH Web Management cstecgi.cgi setPasswordCfg os command injection
VDB-365607 | CTI Indicators (IOB, IOC, TTP, IOA)
Submit #815068 | Totolink N300RHv4 V6.1c.1353_B20190305 OS Command Injection
github.com
totolink.net

Metrics