Which versions of Totolink N300RH are affected by CVE-2026-9543?

Totolink N300RH routers (firmware 6.1c.1353_B20190305) are susceptible to unauthenticated remote command injection, granting attackers unchecked administrative access to the network gateway.

Is there a public PoC exploit available for CVE-2026-9543?

Yes, a public proof-of-concept exploit is available for CVE-2026-9543. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2026-9543?

Within 24 hours: Scan network inventory for all Totolink N300RH devices; document firmware version (particularly 6.1c.1353_B20190305 and other 6.1c variants) and network locations. Within 7 days: Isolate identified vulnerable devices from production networks via physical disconnection or dedicated quarantine VLAN; block administrative ports (80, 443) at network boundary. Within 30 days: Replace all affected devices with alternative gateway models from unaffected manufacturers; retrieve and analyze device logs and syslog records for evidence of unauthorized access or configuration changes during the exposure window.

Totolink N300RH CVE-2026-9543

Q: What is the CVSS score of CVE-2026-9543?

CVE-2026-9543 has a CVSS 4.0 base score of 8.9 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.2%.

EUVD-2026-31816 HIGH

OS Command Injection (CWE-78)

2026-05-26 VulDB

GHSA-85g8-3qwj-fmpv

Command Injection N300Rh

8.9

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

8.9 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Jun 08, 2026 - 09:03 vuln.today

Severity Changed

May 26, 2026 - 14:22 NVD

CRITICAL HIGH

CVSS changed

May 26, 2026 - 14:22 NVD

9.8 (CRITICAL) 8.9 (HIGH)

DescriptionCVE.org

A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

OS command injection in the Totolink N300RH router (firmware 6.1c.1353_B20190305) allows remote unauthenticated attackers to execute arbitrary operating system commands by manipulating the admpass argument sent to the setPasswordCfg function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, and the SSVC framework rates technical impact as total with automatable exploitation, though EPSS remains low at 0.20%. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Identify exposed N300RH management interface

Delivery

Craft POST to /cgi-bin/cstecgi.cgi setPasswordCfg

Exploit

Inject shell metacharacters in admpass parameter

Execution

CGI executes injected OS command as root

Persist

Deploy persistent backdoor or implant

Impact

Pivot to LAN or join botnet