PT-2026-32259 · Totolink · N300Rh

Xuanyu · Published 2026-04-13 · Updated 2026-04-29 · CVE-2026-6158

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Totolink N300RH version 6.1c.1353 B20190305

Description: A flaw in the setUpgradeUboot() function within the upgrade.so file allows for remote OS command injection. This occurs due to improper manipulation of the FileName argument, which can be exploited to execute arbitrary operating system commands on the device.

Recommendations: Update Totolink N300RH version 6.1c.1353 B20190305 to a patched version. Isolate affected devices from the network to minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Command Injection

Weakness Enumeration

Related Identifiers: CVE-2026-6158

Affected Products: N300Rh