This is a remote command injection vulnerability in the web management interface of the widely deployed Totolink NR1800X wireless router. The flaw exists in the processing of the setUssd argument in the cstecgi.cgi endpoint. Remote attackers can send a crafted request to execute arbitrary system commands on the affected device.
Remediation
Apply the latest official firmware update from Totolink for the NR1800X router immediately. Until a patch is available, disable remote management of the router and restrict access to the web management interface to only trusted local networks.
Exploit info
This exploit has been publicly disclosed, with references to this issue documented in trusted public vulnerability databases. You may check Exploit-DB or GitHub for potential exploit details.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.