Severity: 6.9 MEDIUM
EPSS: 2.4% (top 15.06%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 13

Description

A flaw has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setUpgradeUboot of the file upgrade.so. Manipulation of the argument FileName causes OS command injection. The attack can be carried out remotely. The exploit has been published and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages (1 package)

CVEListV5: totolink/n300rh 6.1c.1353_B20190305

Vulnerability Details (3)

GHSA: GHSA-3cm3-qfjh-c5x9: A flaw has been found in Totolink N300RH 6 (2026-04-13)
CVEList: Totolink N300RH upgrade.so setUpgradeUboot os command injection (2026-04-13)
VulDB: Totolink N300RH 6.1c.1353_B20190305 upgrade.so setUpgradeUboot FileName os command injection (2026-04-12)
CVE-2026-6158 (MEDIUM CVSS 6.9) | A flaw has been found in Totolink N | cvebase.io