Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
A vulnerability has been found in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument host_time leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
AnalysisAI
Command injection in Totolink NR1800X firmware 9.1.0u.6279_B20210910 allows authenticated remote attackers to execute arbitrary commands via the host_time parameter in the NTPSyncWithHost function of /cgi-bin/cstecgi.cgi. The vulnerability has a CVSS score of 6.3 (medium severity) with publicly available exploit code, though it requires valid login credentials to exploit. Real-world risk is moderate given the authentication requirement and moderate EPSS probability (indicated by E:P in vector).
Technical ContextAI
The vulnerability exists in the Telnet Service component of Totolink NR1800X routers, specifically within the NTPSyncWithHost CGI function. The root cause is CWE-77 (Improper Neutralization of Special Elements used in a Command), meaning user-supplied input in the host_time parameter is passed unsanitized to a system command execution routine. The /cgi-bin/cstecgi.cgi endpoint processes this parameter without adequate input validation or escaping, allowing shell metacharacters to be injected. This is a classic command injection vulnerability affecting network device firmware where CGI scripts often have direct access to system shell execution functions.
RemediationAI
Primary remediation is to update Totolink NR1800X firmware to the latest available version released by the vendor after the vulnerability disclosure. Users should check https://www.totolink.net/ for official firmware updates. In the interim, mitigate by restricting network access to the router's management interface (CGI services), disable remote management/Telnet access if not required, and use strong, unique credentials for router administration. Monitor router logs for suspicious CGI requests to /cgi-bin/cstecgi.cgi with host_time parameter manipulation. If patch availability is uncertain, contact Totolink support directly for advisory and timeline.
Same weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-16971