Which versions of Totolink NR1800X are affected by CVE-2026-7546?

CVE-2026-7546 is a critical remote code execution vulnerability affecting Totolik NR1800X routers (firmware 9.1.0u.6279_B20210910) that allows unauthenticated attackers to execute arbitrary code or…

Totolink NR1800X CVE-2026-7546

Q: What is the CVSS score of CVE-2026-7546?

CVE-2026-7546 has a CVSS 4.0 base score of 8.9 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-26473 HIGH

Buffer Overflow (CWE-119)

2026-05-01 cna@vuldb.com

Buffer Overflow

8.9

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

May 01, 2026 - 03:30 vuln.today

EUVD ID Assigned

May 01, 2026 - 03:22 euvd

EUVD-2026-26473

Analysis Generated

May 01, 2026 - 03:22 vuln.today

CVE Published

May 01, 2026 - 03:16 nvd

HIGH 8.9

DescriptionNVD

A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. The impacted element is the function find_host_ip of the component lighttpd. Such manipulation of the argument Host leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

AnalysisAI

Stack-based buffer overflow in Totolink NR1800X router firmware 9.1.0u.6279_B20210910 allows remote unauthenticated attackers to execute arbitrary code or crash the device by sending malicious HTTP Host headers to the lighttpd web server. The vulnerability has publicly available exploit code (CVSS E:P) but is not currently listed in CISA KEV. …

RemediationAI

Within 24 hours: Identify and inventory all Totolink NR1800X devices running firmware 9.1.0u.6279_B20210910 using network scanning tools; isolate affected devices from internet access if possible. Within 7 days: Contact Totolink support to confirm patch availability timeline and request security bulletins; implement network segmentation to restrict HTTP access to router management interfaces. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7546 vulnerability details – vuln.today

Back

Totolink NR1800X CVE-2026-7546

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Totolink NR1800X CVE-2026-7546

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code