Skip to content
CVSS 8.8 · HIGH

CVE-2026-7548

A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. This affects the function sub_41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.

View on NVD

Analysis

This vulnerability affects a specific model of Totolink consumer routers through a command injection flaw. It is categorized as vendor-specific firmware for hardware that is not part of the standard software development or server infrastructure stack used by the community.

Severity

Score: 8.8(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: LOW
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-74CWE-77

EPSS

Probability of exploitation (next 30 days): 0.0116 (1.2%)
Percentile: 78.7%
EPSS: 2026-05-06

Technical description

A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. This affects the function sub_41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.

Published: 5/1/2026, 3:16:01 AM
Last modified: 5/1/2026, 3:26:24 PM

References

HomeEventsBlogResourcesTeam