CVE-2026-1723

CWE-78OS Command Injection3 documents3 sources
Severity
9.2CRITICAL
EPSS
0.5%
top 32.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Totolink X6000r
Timeline
PublishedJan 30

Description

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1498_B20250826.

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Packages1 packages

CVEListV5totolink/x6000rV9.4.0cu.1498_B20250826

🔴Vulnerability Details

2
GHSA
GHSA-qwj2-4vw8-pgf8: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injectio2026-01-30
CVEList
TOTOLINK X6000R Unauthenticated Command Injection Vulnerability2026-01-30
CVE-2026-1723 (CRITICAL CVSS 9.2) | Improper Neutralization of Special | cvebase.io