CVE-2026-5030 | Totolink NR1800X 9.1.0u.6279_B20210910 Telnet Service /cgi-bin/cstecgi.cgi NTPSyncWithHost host_time command injection

Inserito da Angelo Barbosa | Mar 27, 2026 | CVE

A vulnerability has been found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument host_time leads to command injection.

This vulnerability is documented as CVE-2026-5030. The attack can be initiated remotely. Additionally, an exploit exists.

CVE-2026-5030 | Totolink NR1800X 9.1.0u.6279_B20210910 Telnet Service /cgi-bin/cstecgi.cgi NTPSyncWithHost host_time command injection

Post correlati

CVE-2023-52713 | Huawei HarmonyOS/EMUI Window Management Module permission

CVE-2023-36260 | Craft CMS 4.6.1 Feed-Me Name/Feed-Me URL denial of service

CVE-2024-39525 | Juniper Junos OS/Junos OS Evolved Routing Protocol Daemon exceptional condition (JSA88102)

CVE-2024-0768 | Envo Elementor Templates & Widgets for WooCommerce Plugin ajax_theme_activation cross-site request forgery