Sign-up

ID

VAR-202601-2316


CVE

CVE-2026-1327


TITLE

TOTOLINK of nr1800x  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-002452

DESCRIPTION

A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. Exploits are publicly available and can be used in the wild.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-1327 // JVNDB: JVNDB-2026-002452

AFFECTED PRODUCTS

vendor:totolinkmodel:nr1800xscope:eqversion:9.1.0u.6279_b20210910

Trust: 1.0

vendor:totolinkmodel:nr1800xscope:eqversion: -

Trust: 0.8

vendor:totolinkmodel:nr1800xscope:eqversion:nr1800x firmware 9.1.0u.6279_b20210910

Trust: 0.8

vendor:totolinkmodel:nr1800xscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-002452 // NVD: CVE-2026-1327

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-1327
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2026-1327
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-002452
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2026-1327
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-002452
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-1327
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2026-1327
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2026-002452
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-002452 // NVD: CVE-2026-1327 // NVD: CVE-2026-1327

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:CWE-74

Trust: 1.0

problemtype:injection (CWE-74) [ others ]

Trust: 0.8

problemtype: Command injection (CWE-77) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-002452 // NVD: CVE-2026-1327

PATCH

title://vuldb.com/?submit.735790url:https://lavender-bicycle-a5a.notion.site/TOTOLINK-NR1800X-setTracerouteCfg-2e453a41781f80df8ef9d32983758502?source=copy_link

Trust: 0.8

sources: JVNDB: JVNDB-2026-002452

EXTERNAL IDS

db:NVDid:CVE-2026-1327

Trust: 2.6

db:VULDBid:342303

Trust: 1.0

db:JVNDBid:JVNDB-2026-002452

Trust: 0.8

sources: JVNDB: JVNDB-2026-002452 // NVD: CVE-2026-1327

REFERENCES

url:https://www.totolink.net/

Trust: 1.8

url:https://vuldb.com/?ctiid.342303

Trust: 1.0

url:https://vuldb.com/?id.342303

Trust: 1.0

url:https://vuldb.com/?submit.735790

Trust: 1.0

url:https://lavender-bicycle-a5a.notion.site/totolink-nr1800x-settraceroutecfg-2e453a41781f80df8ef9d32983758502?source=copy_link

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-1327

Trust: 0.8

sources: JVNDB: JVNDB-2026-002452 // NVD: CVE-2026-1327

SOURCES

db:JVNDBid:JVNDB-2026-002452
db:NVDid:CVE-2026-1327

LAST UPDATE DATE

2026-02-04T23:15:09.297000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-002452date:2026-02-02T10:37:00
db:NVDid:CVE-2026-1327date:2026-01-29T17:49:23.627

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-002452date:2026-02-02T00:00:00
db:NVDid:CVE-2026-1327date:2026-01-22T15:16:50.967