Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.9
CVE-2026-9543: Totolink N300RH Web Management Interface Password Setting Risk
CVE-2026-9543
Summary
A security flaw in the Totolink N300RH router's web interface allows hackers to execute commands remotely. This means an attacker could potentially take control of the router. To stay safe, update your router to the latest version as soon as possible.
Original title
A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manip...
Original description
A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
nvd CVSS2.0
10.0
nvd CVSS3.1
9.8
nvd CVSS4.0
8.9
Vulnerability type
CWE-77
Command Injection
CWE-78
OS Command Injection
Published: 26 May 2026 · Updated: 30 May 2026 · First seen: 26 May 2026