CVE-2026-36841
published 2026-04-29CVE-2026-36841: TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function.
PriorityP265critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.13%
62.3th percentile
TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function.
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Totolink N200RE V5 formMapDelDevice macstr/bandstr command injection
vuldb·2026-04-29·CVSS 9.8
CVE-2026-36841 [CRITICAL] Totolink N200RE V5 formMapDelDevice macstr/bandstr command injection
A vulnerability classified as critical was found in Totolink N200RE V5. This affects the function formMapDelDevice. Such manipulation of the argument macstr/bandstr leads to command injection.
This vulnerability is traded as CVE-2026-36841. The attack may be launched remotely. There is no exploit available.
GHSA
GHSA-3hw6-vmjp-6cj5: TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function
ghsa_unreviewed·2026-04-29
CVE-2026-36841 [CRITICAL] CWE-77 GHSA-3hw6-vmjp-6cj5: TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function
TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-04-29
Published