PT-2026-3940 · Totolink · Totolink Nr1800X

Yhryhryhr_Mie · Published 2026-01-22 · Updated 2026-01-22 · CVE-2026-1328

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
Totolink NR1800X version 9.1.0u.6279 B20210910

Description
A buffer overflow issue exists in the setWizardCfg function within the /cgi-bin/cstecgi.cgi file of the POST Request Handler component. Manipulating the ssid argument can trigger this issue. The attack can be initiated remotely. The exploit is publicly available.

Recommendations
For Totolink NR1800X version 9.1.0u.6279 B20210910, restrict access to the /cgi-bin/cstecgi.cgi file or disable the setWizardCfg function until a patch is available.

Exploit

Fix

RCE

Buffer Overflow

Weakness Enumeration

Related identifiers

BDU:2026-00853
CVE-2026-1328

Affected products

Totolink Nr1800X