CVE-2026-7633

Summary

A vulnerability was identified in Totolink N300RH 6.1c.1353_B20190305. This impacts the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument FileName leads to file inclusion. The attack may be performed from remote. The exploit is publicly available and might be used.

Affected Software

VendorProductVersion RangeStatus
TotolinkN300RH6.1c.1353_B20190305affected

Weaknesses

  • CWE-73: File Inclusion

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References