216.73.217.64

CVE-2026-4611

· Published 23/03/2026 22:16 · Modified 24/03/2026 15:53

Labels: CVE-2026-4611 2026-03-23CVE-2026-4611CWE-77[email protected]

Essential information

Published
23/03/2026 22:16
Modified
24/03/2026 15:53
Author
Creator
CVSS
8.6 HIGH (v3) 8.6 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0cu.1498_B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname can lead to os command injection. The attack may be launched remotely.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
totolink / x6000r cpe:2.3:a:totolink:x6000r:9.4.0cu.1360_B20241207:*:*:*:*:*:*:*
totolink / x6000r cpe:2.3:a:totolink:x6000r:9.4.0cu.1498_B20250826:*:*:*:*:*:*:*

References