CVE-2026-1327 | Totolink NR1800X 9.1.0u.6279_B20210910 POST Request /cgi-bin/cstecgi.cgi setTracerouteCfg command command injection

Inserito da Angelo Barbosa | Gen 22, 2026 | CVE

A vulnerability, which was classified as critical, was found in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection.

This vulnerability is uniquely identified as CVE-2026-1327. The attack can be launched remotely. Moreover, an exploit is present.

CVE-2026-1327 | Totolink NR1800X 9.1.0u.6279_B20210910 POST Request /cgi-bin/cstecgi.cgi setTracerouteCfg command command injection

Post correlati

CVE-2024-2198 | BestWebSoft Contact Form Plugin up to 4.2.8 on WordPress cntctfrm_contact_address cross site scripting

CVE-2023-49006 | Phpsysinfo 3.4.3 XML.php cross-site request forgery

CVE-2024-6621 | WP RSS Aggregator Plugin up to 4.23.11 on WordPress Feed State authorization

CVE-2025-52573 | joshuayoes ios-simulator-mcp up to 1.3.2 ui_tap os command injection (GHSA-6f6r-m9pv-67jw)