CVE-2026-5030 | Totolink NR1800X 9.1.0u.6279_B20210910 Telnet Service /cgi-bin/cstecgi.cgi NTPSyncWithHost host_time command injection

Inserito da Angelo Barbosa | Mar 27, 2026 | CVE

A vulnerability has been found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument host_time leads to command injection.

This vulnerability is documented as CVE-2026-5030. The attack can be initiated remotely. Additionally, an exploit exists.

CVE-2026-5030 | Totolink NR1800X 9.1.0u.6279_B20210910 Telnet Service /cgi-bin/cstecgi.cgi NTPSyncWithHost host_time command injection

Post correlati

CVE-2025-41403 | Zoho ManageEngine ADAudit Plus up to 8510 Service Account Audit Data sql injection

CVE-2025-40599 | SonicWall SMA 100 Web Management Interface unrestricted upload (SNWLID-2025-0014)

CVE-2026-3376 | Tenda F453 1.0.0.3 /goform/SafeMacFilter fromSafeMacFilter page buffer overflow

CVE-2024-50947 | kmqtt 0.2.7 Request denial of service