Is there a public PoC exploit available for CVE-2026-6158?

Yes, a public proof-of-concept exploit is available for CVE-2026-6158. Prioritise patching immediately. EPSS: 2.4%.

Totolink N300RH CVE-2026-6158

Q: What is the CVSS score of CVE-2026-6158?

CVE-2026-6158 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 2.4%.

EUVD-2026-21851 MEDIUM

OS Command Injection (CWE-78)

2026-04-13 VulDB

GHSA-3cm3-qfjh-c5x9

Command Injection

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

6.9 (MEDIUM) 5.5 (MEDIUM)

PoC Detected

Apr 29, 2026 - 01:00 vuln.today

Public exploit code

Analysis Generated

Apr 13, 2026 - 05:26 vuln.today

Severity Changed

Apr 13, 2026 - 05:22 NVD

HIGH MEDIUM

CVSS changed

Apr 13, 2026 - 05:22 NVD

7.3 (HIGH) 6.9 (MEDIUM)

EUVD ID Assigned

Apr 13, 2026 - 05:15 euvd

EUVD-2026-21851

Analysis Generated

Apr 13, 2026 - 05:15 vuln.today

CVE Published

Apr 13, 2026 - 04:00 nvd

MEDIUM 5.5

DescriptionNVD

A flaw has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setUpgradeUboot of the file upgrade.so. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.

AnalysisAI

Remote code execution in Totolink N300RH firmware 6.1c.1353_B20190305 allows unauthenticated network attackers to execute arbitrary OS commands via command injection in the FileName parameter of the setUpgradeUboot function in upgrade.so. Publicly available exploit code exists for this vulnerability, which carries a CVSS 6.9 score reflecting network-accessible attack vector with low complexity and no authentication requirements.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-6158 vulnerability details – vuln.today

Back

Totolink N300RH CVE-2026-6158

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Analysis

Full analysis requires sign-in

Share

Totolink N300RH CVE-2026-6158

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code