Vulnerability-Lookup

CNVD-2026-11736

Vulnerability from cnvd - Published: 2026-02-24

Title

TOTOLINK NR1800X命令注入漏洞（CNVD-2026-11736）

Description

TOTOLINK NR1800X是中国吉翁电子（TOTOLINK）公司的一款出色的5G NR室内Wi-Fi和SIP CPE。旨在为家庭和办公室提供快速便捷的NR固定数据服务部署。 TOTOLINK NR1800X存在命令注入漏洞，该漏洞源于对文件/cgi-bin/cstecgi.cgi中参数command的错误操作，攻击者可利用该漏洞在系统上执行任意命令。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.totolink.net/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2026-1327

Impacted products

Name
TOTOLINK NR1800X 9.1.0u.6279_B20210910

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2026-1327",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2026-1327"
    }
  },
  "description": "TOTOLINK NR1800X\u662f\u4e2d\u56fd\u5409\u7fc1\u7535\u5b50\uff08TOTOLINK\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u51fa\u8272\u76845G NR\u5ba4\u5185Wi-Fi\u548cSIP CPE\u3002\u65e8\u5728\u4e3a\u5bb6\u5ead\u548c\u529e\u516c\u5ba4\u63d0\u4f9b\u5feb\u901f\u4fbf\u6377\u7684NR\u56fa\u5b9a\u6570\u636e\u670d\u52a1\u90e8\u7f72\u3002\n\nTOTOLINK NR1800X\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u6587\u4ef6/cgi-bin/cstecgi.cgi\u4e2d\u53c2\u6570command\u7684\u9519\u8bef\u64cd\u4f5c\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.totolink.net/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-11736",
  "openTime": "2026-02-24",
  "products": {
    "product": "TOTOLINK NR1800X 9.1.0u.6279_B20210910"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2026-1327",
  "serverity": "\u4e2d",
  "submitTime": "2026-01-30",
  "title": "TOTOLINK NR1800X\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2026-11736\uff09"
}

CVE-2026-1327 (GCVE-0-2026-1327)

Vulnerability from cvelistv5 – Published: 2026-01-22 14:02 – Updated: 2026-02-23 08:53

Title

Totolink NR1800X POST Request cstecgi.cgi setTracerouteCfg command injection

Summary

A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

Severity ?

5.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

6.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

CWE

CWE-77 - Command Injection
CWE-74 - Injection

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.342303	vdb-entrytechnical-description
	https://vuldb.com/?ctiid.342303	signaturepermissions-required
	https://vuldb.com/?submit.735790	third-party-advisory
	https://lavender-bicycle-a5a.notion.site/TOTOLINK…	exploit
	https://www.totolink.net/	product

Impacted products

	Vendor	Product	Version
	Totolink	NR1800X	Affected: 9.1.0u.6279_B20210910 cpe:2.3:o:totolink:nr1800x_firmware::::::::

Credits

wxhwxhwxh_ (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-1327",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-22T14:31:37.974783Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-22T14:31:46.097Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:totolink:nr1800x_firmware:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "POST Request Handler"
          ],
          "product": "NR1800X",
          "vendor": "Totolink",
          "versions": [
            {
              "status": "affected",
              "version": "9.1.0u.6279_B20210910"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "wxhwxhwxh_ (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-23T08:53:00.325Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-342303 | Totolink NR1800X POST Request cstecgi.cgi setTracerouteCfg command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.342303"
        },
        {
          "name": "VDB-342303 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.342303"
        },
        {
          "name": "Submit #735790 | TOTOLINK NR1800X NR1800X_Firmware V9.1.0u.6279_B20210910 Command Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.735790"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://lavender-bicycle-a5a.notion.site/TOTOLINK-NR1800X-setTracerouteCfg-2e453a41781f80df8ef9d32983758502?source=copy_link"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.totolink.net/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-01-22T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-01-22T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-01-30T03:51:13.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Totolink NR1800X POST Request cstecgi.cgi setTracerouteCfg command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-1327",
    "datePublished": "2026-01-22T14:02:10.294Z",
    "dateReserved": "2026-01-22T07:43:45.318Z",
    "dateUpdated": "2026-02-23T08:53:00.325Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2026-11736

CVE-2026-1327 (GCVE-0-2026-1327)

Tags

Sightings

Nomenclature