Sign-up

ID

VAR-202601-2316


CVE

CVE-2026-1327


DESCRIPTION

A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

Trust: 1.0

sources: NVD: CVE-2026-1327

AFFECTED PRODUCTS

vendor:totolinkmodel:nr1800xscope:eqversion:9.1.0u.6279_b20210910

Trust: 1.0

sources: NVD: CVE-2026-1327

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-1327
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2026-1327
value: HIGH

Trust: 1.0

cna@vuldb.com: CVE-2026-1327
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

cna@vuldb.com: CVE-2026-1327
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2026-1327
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2026-1327 // NVD: CVE-2026-1327

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:CWE-74

Trust: 1.0

sources: NVD: CVE-2026-1327

EXTERNAL IDS

db:VULDBid:342303

Trust: 1.0

db:NVDid:CVE-2026-1327

Trust: 1.0

sources: NVD: CVE-2026-1327

REFERENCES

url:https://vuldb.com/?ctiid.342303

Trust: 1.0

url:https://vuldb.com/?id.342303

Trust: 1.0

url:https://vuldb.com/?submit.735790

Trust: 1.0

url:https://www.totolink.net/

Trust: 1.0

url:https://lavender-bicycle-a5a.notion.site/totolink-nr1800x-settraceroutecfg-2e453a41781f80df8ef9d32983758502?source=copy_link

Trust: 1.0

sources: NVD: CVE-2026-1327

SOURCES

db:NVDid:CVE-2026-1327

LAST UPDATE DATE

2026-01-30T23:57:18.812000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2026-1327date:2026-01-29T17:49:23.627

SOURCES RELEASE DATE

db:NVDid:CVE-2026-1327date:2026-01-22T15:16:50.967