CVE-2026-7548
Received Received - Intake
Command Injection in Totolink NR1800X Router

Publication date: 2026-05-01

Last updated on: 2026-05-01

Assigner: VulDB

Description
A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. This affects the function sub_41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-05-01
Generated
2026-06-16
AI Q&A
2026-05-01
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7548
EUVD
EUVD-2026-26472
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
totolink nr1800x 9.1.0u.6279_b20210910
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-7548 is a command injection vulnerability found in the TOTOLINK NR1800X router, specifically in the setUssd function within the /cgi-bin/cstecgi.cgi file.

The vulnerability occurs because user input from the ussd parameter is directly used in a system command without proper validation, allowing an attacker to inject and execute arbitrary commands on the device.

An attacker can exploit this remotely by sending a crafted HTTP POST request with a malicious payload in the ussd parameter, which can lead to unauthorized command execution on the router.

Impact Analysis

This vulnerability allows remote attackers to execute arbitrary commands on the affected TOTOLINK NR1800X router.

  • Unauthorized control over the router device.
  • Potential disruption of network services.
  • Compromise of network security and privacy.
  • Attackers could use the router as a foothold for further attacks within the network.
Detection Guidance

This vulnerability can be detected by sending a crafted HTTP POST request to the /cgi-bin/cstecgi.cgi endpoint with the topicurl parameter set to "setUssd" and the ussd parameter containing a command injection payload.

First, log in to the device to obtain a session ID. Then send the POST request with the malicious payload. If the device returns a 200 status code, it indicates the vulnerability is present.

To verify successful exploitation, check for the presence of a marker file created by the injected command, for example, /tmp/ussd_success.

  • Log in to the device to get a session ID.
  • Send a POST request to /cgi-bin/cstecgi.cgi with topicurl=setUssd and ussd containing a command injection payload.
  • Check for HTTP 200 response status.
  • Verify the presence of the marker file (e.g., /tmp/ussd_success) on the device.
Mitigation Strategies

To mitigate the CVE-2026-7548 vulnerability, immediate steps include restricting remote access to the affected Totolink NR1800X device, especially to the /cgi-bin/cstecgi.cgi endpoint.

Avoid sending or accepting requests with the 'topicurl' parameter set to 'setUssd' as this triggers the vulnerable function.

Monitor network traffic for suspicious POST requests targeting the 'setUssd' function with unusual 'ussd' parameter values that could indicate command injection attempts.

If possible, apply any available firmware updates or patches from the vendor to fix the vulnerability.

As a temporary measure, consider disabling or limiting the functionality that processes the 'setUssd' requests until a patch is applied.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7548. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart