CVE 9.3 CRITICAL

Totolink N300RH Web Management cstecgi.cgi setPasswordCfg os command injection_CVE-2026-9543

May 26, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

AI Analysis

OS command injection vulnerability in Totolink N300RH Web Management Interface

Basic Information

ID CVE-2026-9543

Source VulDB

Published May 26, 2026 at 12:30

Affected Product

Vendor Totolink

Product N300RH

Version 6.1c.1353_B20190305

Affected Versions Totolink N300RH 6.1c.1353_B20190305

CWE Classification

CWE-78 CWE-77

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Totolink

Product N300RH

Version 6.1c.1353_B20190305

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.",
    "published": "2026-05-26T12:30:11.976Z",
    "modified": "2026-05-26T12:30:11.976Z",
    "type": "cve",
    "title": "Totolink N300RH Web Management cstecgi.cgi setPasswordCfg os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/365607\nhttps://vuldb.com/vuln/365607/cti\nhttps://vuldb.com/submit/815068\nhttps://github.com/A1ester/TOTOLINK-N300RH-Command-Injection\nhttps://www.totolink.net/",
    "id": "CVE-2026-9543",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "Totolink N300RH 6.1c.1353_B20190305",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "N300RH",
    "version": "6.1c.1353_B20190305",
    "vendor": "Totolink",
    "ai_description": "OS command injection vulnerability in Totolink N300RH Web Management Interface",
    "ai_severity": "Critical",
    "ai_vendor": "Totolink",
    "ai_product": "N300RH",
    "ai_version": "6.1c.1353_B20190305",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply