CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-4611

A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0cu.1498_B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname can lead to os command injection. The attack may be launched remotely.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.013

EPSS Ranking 79.6%

CVSS Severity

CVSS v3 Score 7.2

CVSS v2 Score 8.3

References

https://vuldb.com/?ctiid.352475
https://vuldb.com/?id.352475
https://vuldb.com/?submit.775642
https://www.totolink.net/

Products affected by CVE-2026-4611

Totolink » X6000r » Version: N/A

cpe:2.3:h:totolink:x6000r:-
Totolink » X6000r Firmware » Version: 9.4.0cu.1360_b20241207

cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.1360_b20241207
Totolink » X6000r Firmware » Version: 9.4.0cu.1498_b20250826

cpe:2.3:o:totolink:x6000r_firmware:9.4.0cu.1498_b20250826

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-4611

Products

Pricing

Contact Us