Skip to main content

N300Rh CVE-2026-6158

| EUVDEUVD-2026-21851 MEDIUM
OS Command Injection (CWE-78)
2026-04-13 VulDB GHSA-3cm3-qfjh-c5x9
5.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

8
CVSS changed
Apr 29, 2026 - 01:11 NVD
6.9 (MEDIUM) 5.5 (MEDIUM)
PoC Detected
Apr 29, 2026 - 01:00 vuln.today
Public exploit code
Analysis Generated
Apr 13, 2026 - 05:26 vuln.today
Severity Changed
Apr 13, 2026 - 05:22 NVD
HIGH MEDIUM
CVSS changed
Apr 13, 2026 - 05:22 NVD
7.3 (HIGH) 6.9 (MEDIUM)
EUVD ID Assigned
Apr 13, 2026 - 05:15 euvd
EUVD-2026-21851
Analysis Generated
Apr 13, 2026 - 05:15 vuln.today
CVE Published
Apr 13, 2026 - 04:00 nvd
MEDIUM 5.5

DescriptionCVE.org

A flaw has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setUpgradeUboot of the file upgrade.so. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.

AnalysisAI

Remote code execution in Totolink N300RH firmware 6.1c.1353_B20190305 allows unauthenticated network attackers to execute arbitrary OS commands via command injection in the FileName parameter of the setUpgradeUboot function in upgrade.so. Publicly available exploit code exists for this vulnerability, which carries a CVSS 6.9 score reflecting network-accessible attack vector with low complexity and no authentication requirements.

Technical ContextAI

The vulnerability exists in the upgrade.so library within the Totolink N300RH router firmware, specifically in the setUpgradeUboot function that handles firmware upgrade operations. The flaw is classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command), meaning the function fails to properly sanitize or validate the FileName parameter before passing it to OS command execution routines. This allows an attacker to inject shell metacharacters or command sequences into what should be a filename, causing the underlying shell to interpret and execute injected commands with the privileges of the firmware process. The affected CPE is cpe:2.3:a:totolink:n300rh:*:*:*:*:*:*:*:*, indicating all versions of the N300RH product line are potentially affected, with confirmed vulnerability in firmware version 6.1c.1353_B20190305.

RemediationAI

Contact Totolink for current firmware updates for the N300RH model, as patched firmware versions should be available from https://www.totolink.net/. Upgrade the device to the latest available firmware release, which should address the command injection flaw in the setUpgradeUboot function. As an interim mitigation, restrict network access to the router's web management interface and firmware upgrade endpoints using firewall rules or local network segmentation, and consider disabling the upgrade function entirely if not actively needed. For organizations with multiple N300RH devices, implement inventory control to identify and remediate all affected units before they can be exploited.

Share

CVE-2026-6158 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy