A security flaw has been discovered in Totolink LR350 firmware version 9.3.5u.6369_B20220309. This vulnerability allows remote attackers to exploit the function setTracerouteCfg in the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command results in command injection, which can lead to unauthorized access and control over the affected system.
The severity of this vulnerability is classified as low, with a CVSS score of 2.1. Although it is not the most critical vulnerability, it still poses a risk to organizations using the affected firmware. The fact that the exploit has been released to the public increases the urgency for organizations to implement necessary mitigations.
It is important for defenders to understand that this vulnerability can be exploited remotely, making it essential to address it promptly. Organizations should prioritize remediation based on their risk tolerance and operational environment.
Given the current threat landscape, organizations using Totolink devices should evaluate their exposure to this vulnerability and take appropriate actions to prevent potential exploitation.
Vulnerability Details
The vulnerability is officially described as follows: A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B20220309. Impacted is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument command results in command injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
The CVSS score of the vulnerability is 2.1, indicating it is a low severity issue. It is classified as a command injection vulnerability, specifically under CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component) and CWE-77 (Improper Neutralization of Special Elements used in a Command ('Command Injection')).
The affected product is the Totolink LR350 firmware version 9.3.5u.6369_B20220309. The vulnerability was published on January 19, 2026.
Technical Analysis
The root cause of this vulnerability lies in the improper handling of input parameters within the setTracerouteCfg function. The command parameter is manipulated by the attacker to execute arbitrary commands on the system. The attack vector is network-based, and the attack complexity is low, meaning that an attacker can exploit this vulnerability without significant effort.
Privileges required for exploitation are low, allowing an unauthenticated attacker to launch an attack without needing special access rights. User interaction is not required, making this vulnerability particularly dangerous.
The impacts of a successful exploitation include low confidentiality, integrity, and availability impacts, which means that while the attacker may not have complete control, they can still execute unauthorized commands that could compromise the system.
Risk & Impact Analysis
The real-world deployment risk associated with CVE-2026-1150 is significant given the potential for remote exploitation. Attackers may leverage this vulnerability to execute arbitrary commands, which could lead to further attacks or compromise of sensitive data.
Organizations should be aware of the implications of this vulnerability, especially if they have Totolink devices in their network. The blast radius could extend beyond the initial compromised system, potentially affecting other systems within the same network.
With a CVSS score of 2.1, the urgency for remediation is low, yet organizations should still schedule remediation during their patch cycle to mitigate any potential risks.
Signal | Status |
|---|---|
Known Exploit | Yes |
Public PoC | Yes |
Actively Exploited | No |
Ransomware Use | No |
Affected Versions
The specific affected version is Totolink LR350 firmware version 9.3.5u.6369_B20220309. Organizations should be aware that all versions prior to vendor patch may be vulnerable.
Mitigation & Remediation
Organizations should prioritize patching the affected firmware. The latest versions from Totolink should be implemented to mitigate the risk of this vulnerability. If a patch is unavailable, implementing network controls to restrict access to the vulnerable components is recommended.
Further, organizations can enhance their security posture through continuous security testing, which can help identify and remediate similar vulnerabilities in the future.
Detection Guidance
Monitoring logs for unusual command executions or failed attempts to access the setTracerouteCfg functionality can provide indicators of potential exploitation. Behavioral anomalies in network traffic directed towards the Totolink devices should also be analyzed.
AppSecure Threat Intelligence Insight
CVE-2026-1150 highlights the importance of maintaining updated firmware on network devices. The potential for command injection vulnerabilities underscores the need for organizations to implement robust security measures, including regular updates and security monitoring.
This vulnerability also reflects a broader trend in the security landscape, where remote command injection vulnerabilities can lead to significant compromises. Security teams should take note of this pattern and apply lessons learned to enhance their overall security posture.
Organizations are encouraged to adopt a proactive approach to security, including integrating continuous security testing into their development and operational processes to identify and mitigate vulnerabilities before they can be exploited.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
.webp)