CVE-2026-9543
CriticalSummary
A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305, affecting the setPasswordCfg function in the /cgi-bin/cstecgi.cgi file of the Web Management Interface. Manipulation of the admpass argument leads to OS command injection.
Risk Assessment
An attacker can remotely exploit this vulnerability, posing a serious threat to the security of the system and the organization's data.
Recommendation
It is recommended to update the software to the latest version to mitigate this vulnerability and to monitor the system for unauthorized activities.
Original NVD description (English source)
A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

