CVE-2026-6158

CVSS v2.0

7.5

High

AV:N/AC:L/Au:N/C:P/I:P/A:P

A flaw has been found in Totolink N300RH 6.1c.1353 B20190305. Affected is the function setUpgradeUboot of the file upgrade.so. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.

Exploit

Fix

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

CVE-2026-6158

Affected Products

N300Rh

CVE-2026-6158

Weakness Enumeration

Related Identifiers

Affected Products

References · 6