CVE-2026-4611

CVSS v3.1

7.2

High

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360 B20241207/9.4.0cu.1498 B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname can lead to os command injection. The attack may be launched remotely.

Fix

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

CVE-2026-4611

Affected Products

X6000R

CVE-2026-4611

Weakness Enumeration

Related Identifiers

Affected Products

References · 5