CVE-2026-6158 | Totolink N300RH 6.1c.1353_B20190305 upgrade.so setUpgradeUboot FileName os command injection

Inserito da Angelo Barbosa | Apr 12, 2026 | CVE

A vulnerability identified as critical has been detected in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setUpgradeUboot of the file upgrade.so. This manipulation of the argument FileName causes os command injection.

This vulnerability is tracked as CVE-2026-6158. The attack is possible to be carried out remotely. Moreover, an exploit is present.

CVE-2026-6158 | Totolink N300RH 6.1c.1353_B20190305 upgrade.so setUpgradeUboot FileName os command injection

Post correlati

CVE-2024-45842 | Sharp/Toshiba Tec MFP HTTP PUT Request path traversal

CVE-2024-8231 | Tenda O6 1.0.0.7(2054) /goform/setPortForward fromVirtualSet ip/localPort/publicPort/app stack-based overflow

CVE-2024-54728 | BYD QIN PLUS DM-i Dilink OS 3.0_13.1.7.2204050.1 access control

CVE-2024-3729 | DynamiApps Frontend Admin Plugin up to 3.19.4 on WordPress missing encryption