What is the CVSS score of CVE-2026-36841?

CVE-2026-36841 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of TOTOLINK N200RE are affected by CVE-2026-36841?

TOTOLINK N200RE V5 routers are vulnerable to unauthenticated remote command execution affecting any device exposed to the internet, enabling complete device takeover without authentication or user…

TOTOLINK N200RE CVE-2026-36841

EUVD-2026-26231 CRITICAL

Command Injection (CWE-77)

2026-04-29 mitre

Command Injection

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 29, 2026 - 21:37 vuln.today

cvss_changed

Analysis Generated

Apr 29, 2026 - 21:22 vuln.today

CVSS changed

Apr 29, 2026 - 21:22 NVD

9.8 (None) 9.8 (CRITICAL)

EUVD ID Assigned

Apr 29, 2026 - 14:45 euvd

EUVD-2026-26231

Analysis Generated

Apr 29, 2026 - 14:45 vuln.today

CVE Published

Apr 29, 2026 - 00:00 nvd

CRITICAL 9.8

DescriptionNVD

TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function.

AnalysisAI

Remote unauthenticated command injection in TOTOLINK N200RE V5 router allows complete device compromise via formMapDelDevice function. Attackers can execute arbitrary OS commands by injecting malicious payloads into the macstr or bandstr parameters with no authentication required (CVSS 9.8, AV:N/AC:L/PR:N/UI:N). …

RemediationAI

Within 24 hours: Identify all TOTOLINK N200RE V5 devices in production and isolate them from internet-facing access or restrict WAN access via firewall rules. Within 7 days: Contact TOTOLINK support to confirm patch availability timeline; if unavailable, evaluate replacement with patched router models from alternative vendors. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-36841 vulnerability details – vuln.today

Back

TOTOLINK N200RE CVE-2026-36841

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code