CVE-2026-1326 | Totolink NR1800X 9.1.0u.6279_B20210910 POST Request /cgi-bin/cstecgi.cgi setWanCfg Hostname command injection

January 22, 2026 Yanac

A vulnerability, which was classified as critical, has been found in Totolink NR1800X 9.1.0u.6279_B20210910. This vulnerability affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument Hostname causes command injection.

This vulnerability is handled as CVE-2026-1326. The attack can be initiated remotely. Additionally, an exploit exists.VulDB Recent EntriesRead More