Totolink Nr1800X vulnerabilities

CVE-2026-7548 [HIGH] CWE-74 CVE-2026-7548: A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. This affects the function su A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. This affects the function sub_41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.

CVE-2026-7546 [HIGH] CWE-119 CVE-2026-7546: A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. The impacted e A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. The impacted element is the function find_host_ip of the component lighttpd. Such manipulation of the argument Host leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

CVE-2026-5030 [LOW] CWE-74 CVE-2026-5030: A vulnerability has been found in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the fun A vulnerability has been found in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument host_time leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used

CVE-2026-1328 [HIGH] CWE-119 CVE-2026-1328: A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. Impacted is the function set A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. Impacted is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.

CVE-2026-1327 [LOW] CWE-74 CVE-2026-1327: A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. This issue aff A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed publicly and

CVE-2026-1326 [LOW] CWE-74 CVE-2026-1326: A weakness has been identified in Totolink NR1800X 9.1.0u.6279_B20210910. This vulnerability affects A weakness has been identified in Totolink NR1800X 9.1.0u.6279_B20210910. This vulnerability affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and

CVE-2023-7220 [CRITICAL] CWE-121 CVE-2023-7220: A vulnerability was found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. Affe A vulnerability was found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. Affected by this issue is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be