CVE-2026-4611

HIGH NVD

CVSS Score 7.2

Severity HIGH

Published Mar 23, 2026

Vendor unknown

Description

A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0cu.1498_B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname can lead to os command injection. The attack may be launched remotely.

References

https://vuldb.com/?ctiid.352475
https://vuldb.com/?id.352475
https://vuldb.com/?submit.775642
https://www.totolink.net/