CVE-2026-7548

EUVD-2026-26472
A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. This affects the function sub_41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.
Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 78.67%
Common Weakness Enumeration
References
https://github.com/newym/cve/blob/main/totolink%20nr1800x%20command%20injection.md
https://vuldb.com/submit/804417
https://vuldb.com/vuln/360358
https://vuldb.com/vuln/360358/cti
https://www.totolink.net/