Which versions of Totolink NR1800X are affected by CVE-2026-7548?

CVE-2026-7548 affects Totolik NR1800X routers running firmware 9.1.0u.6279_B20210910, enabling authenticated attackers to execute arbitrary commands through a command injection vulnerability in the…

Totolink NR1800X CVE-2026-7548

Q: What is the CVSS score of CVE-2026-7548?

CVE-2026-7548 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 1.2%.

EUVD-2026-26472 HIGH

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)

2026-05-01 cna@vuldb.com

Command Injection

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

May 01, 2026 - 03:30 vuln.today

EUVD ID Assigned

May 01, 2026 - 03:22 euvd

EUVD-2026-26472

Analysis Generated

May 01, 2026 - 03:22 vuln.today

CVE Published

May 01, 2026 - 03:16 nvd

HIGH 7.4

DescriptionNVD

A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. This affects the function sub_41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.

AnalysisAI

Command injection in Totolink NR1800X router firmware 9.1.0u.6279_B20210910 allows authenticated remote attackers to execute arbitrary system commands via the setUssd parameter in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists (POC confirmed via GitHub). …

RemediationAI

Within 24 hours: Identify all Totolik NR1800X devices on the network and document firmware versions; change default administrative credentials immediately on all instances. Within 7 days: Implement network segmentation to restrict administrative access to router management interfaces (restrict access to /cgi-bin/cstecgi.cgi to trusted administrative networks only); disable remote management if not operationally required. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7548 vulnerability details – vuln.today

Back

Totolink NR1800X CVE-2026-7548

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Totolink NR1800X CVE-2026-7548

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code