CVE-2026-9543

Name of the Vulnerable Software and Affected Versions Totolink N300RH version 6.1c.1353 B20190305

Description OS command injection is possible in the Web Management Interface via the setPasswordCfg() function located in the '/cgi-bin/cstecgi.cgi' endpoint. This occurs when the admpass argument is manipulated, allowing a remote attacker to execute arbitrary operating system commands.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.