Platform: other
Component: telnet-service
Fixed in: 9.1.1
CVE-2026-5030 describes a Command Injection vulnerability discovered in the Telnet Service of the Totolink NR1800X router. This flaw allows attackers to execute arbitrary commands on the device, potentially leading to unauthorized access and control. The vulnerability affects version 9.1.0u.6279_B20210910 and has been publicly disclosed, increasing the risk of exploitation.
Successful exploitation of CVE-2026-5030 allows an attacker to inject and execute arbitrary commands on the vulnerable Totolink NR1800X router. This can lead to a complete compromise of the device, enabling attackers to modify configurations, steal sensitive data (such as user credentials or network settings), and potentially pivot to other devices on the network. The remote nature of the vulnerability means an attacker does not need local access to exploit it, significantly expanding the potential attack surface. The ability to execute commands grants the attacker a high level of control over the router’s functionality.
CVE-2026-5030 has been publicly disclosed, indicating a higher probability of exploitation. The vulnerability is present in a widely deployed router, increasing the potential attack surface. No KEV listing or confirmed exploitation reports are currently available, but the public disclosure warrants immediate attention. The vulnerability's ease of exploitation, due to its remote nature, further elevates the risk.
Exploit Status
EPSS: 1.55% (81% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-5030 is to upgrade the Totolink NR1800X router to a patched firmware version. Unfortunately, a fixed version is not specified in the available data. As a temporary workaround, consider implementing strict input validation on the host_time parameter within the /cgi-bin/cstecgi.cgi script, if possible. Network segmentation can also limit the potential blast radius of a successful attack. Monitor network traffic for unusual command execution patterns. After applying any mitigation, verify the fix by attempting to trigger the command injection vulnerability with a known payload and confirming that it is blocked.
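One way to express the input-validation workaround at a filtering proxy placed in front of the router's web interface, as an added example (not Totolink's code and not part of the original advisory). It assumes that legitimate host_time values are plain YYYY-MM-DD HH:MM:SS timestamps and that the request body is JSON or form-encoded; the advisory states neither detail.

```python
import json
import re
from datetime import datetime
from urllib.parse import parse_qs

CGI_PATH = "/cgi-bin/cstecgi.cgi"  # endpoint named in the advisory
PARAM = "host_time"                # parameter named in the advisory
# Assumption: a legitimate value is a plain "YYYY-MM-DD HH:MM:SS" timestamp.
# \A...\Z plus re.ASCII rejects trailing newlines and non-ASCII digits.
TIME_RE = re.compile(r"\A\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\Z", re.ASCII)

def valid_host_time(value):
    """Allowlist check: exact timestamp shape and a real calendar date."""
    if not isinstance(value, str) or not TIME_RE.match(value):
        return False
    try:
        datetime.strptime(value, "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return False
    return True

def extract_params(body):
    """Return {name: [values]} from a JSON object or a form-encoded body."""
    try:
        data = json.loads(body)
    except ValueError:
        return parse_qs(body, keep_blank_values=True)
    if not isinstance(data, dict):
        raise ValueError("JSON body is not an object")
    return {k: v if isinstance(v, list) else [v] for k, v in data.items()}

def check_request(path, body):
    """Return ("allow" | "block", reason) for one HTTP request."""
    if path.split("?", 1)[0] != CGI_PATH:
        return "allow", "not the CGI endpoint"
    try:
        values = extract_params(body).get(PARAM, [])
    except ValueError as exc:
        return "block", f"unparseable body: {exc}"  # fail closed
    for value in values:
        if not valid_host_time(value):
            return "block", f"{PARAM} is not a plain timestamp: {value!r}"
    return "allow", "ok"

if __name__ == "__main__":
    # Constructed sample bodies, not captured traffic.
    for body in ('{"host_time": "2024-01-01 12:00:00"}',
                 '{"host_time": "2024-01-01 12:00:00;PLACEHOLDER"}'):
        print(check_request(CGI_PATH, body))
```

The check is an allowlist, so any value that is not exactly a timestamp is rejected without enumerating shell metacharacters. A JSON body with duplicate host_time keys is checked on its last occurrence only, so a proxy using this logic should also reject duplicate keys.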
Update the Totolink NR1800X router firmware to a version later than 9.1.0u.6279_B20210910 to fix the command injection vulnerability in the Telnet Service. Refer to the vendor's website for the latest firmware version and update instructions.
CVE-2026-5030 is a Command Injection vulnerability affecting the Telnet Service in Totolink NR1800X routers, allowing attackers to execute commands remotely.
You are affected if you are using Totolink NR1800X with firmware version 9.1.0u.6279_B20210910.
Upgrade to a patched firmware version. As no fixed version is specified, implement input validation as a temporary workaround.
While no confirmed exploitation is currently reported, the public disclosure increases the likelihood of exploitation.
Refer to the Totolink website or security advisories for updates regarding CVE-2026-5030 and available patches.