CVE Catalog

CVE-2026-9543

Critical
Published: Translated: NVD NIST

Summary

A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305, affecting the setPasswordCfg function in the /cgi-bin/cstecgi.cgi file of the Web Management Interface. Manipulation of the admpass argument leads to OS command injection.

Risk Assessment

An attacker can remotely exploit this vulnerability, posing a serious threat to the security of the system and the organization's data.

Recommendation

It is recommended to update the software to the latest version to mitigate this vulnerability and to monitor the system for unauthorized activities.

Original NVD description (English source)

A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS