CVE 8.7 HIGH

Totolink NR1800X cstecgi.cgi sub_41A68C command injection_CVE-2026-7548

April 30, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. This affects the function sub_41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.

AI Analysis

Command injection vulnerability in Totolink NR1800X via manipulation of the setUssd argument in the cstecgi.cgi file

Basic Information

ID CVE-2026-7548

Source VulDB

Published May 1, 2026 at 02:30

Affected Product

Vendor Totolink

Product NR1800X

Version 9.1.0u.6279_B20210910

Affected Versions Totolink NR1800X 9.1.0u.6279_B20210910

CWE Classification

CWE-77 CWE-74

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Totolink

Product NR1800X

Version 9.1.0u.6279_B20210910

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. This affects the function sub_41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.",
    "published": "2026-05-01T02:30:14.699Z",
    "modified": "2026-05-01T02:30:14.699Z",
    "type": "cve",
    "title": "Totolink NR1800X cstecgi.cgi sub_41A68C command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/360358\nhttps://vuldb.com/vuln/360358/cti\nhttps://vuldb.com/submit/804417\nhttps://github.com/newym/cve/blob/main/totolink%20nr1800x%20command%20injection.md\nhttps://www.totolink.net/",
    "id": "CVE-2026-7548",
    "bulletinFamily": "",
    "cwe": [
        "CWE-77",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "Totolink NR1800X 9.1.0u.6279_B20210910",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "NR1800X",
    "version": "9.1.0u.6279_B20210910",
    "vendor": "Totolink",
    "ai_description": "Command injection vulnerability in Totolink NR1800X via manipulation of the setUssd argument in the cstecgi.cgi file",
    "ai_severity": "High",
    "ai_vendor": "Totolink",
    "ai_product": "NR1800X",
    "ai_version": "9.1.0u.6279_B20210910",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply