Vulnerabilities ›

CVE-2026-7633

Medium

CWE-73 — Weakness Type

                    Published: May 2, 2026                      ·  Modified: May 5, 2026                      ·  Source: NVD                

CVSS v3

6.5

🔗 NVD Official

📄 Description (English)

A vulnerability was identified in Totolink N300RH 6.1c.1353_B20190305. This impacts the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument FileName leads to file inclusion. The attack may be performed from remote. The exploit is publicly available and might be used.

🤖 AI Executive Summary

CVE-2026-7633 is a remote file inclusion vulnerability in Totolink N300RH router firmware version 6.1c.1353_B20190305 affecting the setUploadSetting function. An attacker can manipulate the FileName parameter to include arbitrary files, potentially leading to unauthorized access or code execution.

📄 Description (Arabic)

تؤثر هذه الثغرة على موجهات Totolik N300RH المستخدمة على نطاق واسع في المؤسسات السعودية، مما يسمح للمهاجمين البعيدين باستغلال ثغرة إدراج الملفات. الاستغلال المتاح علناً يزيد من خطر التعرض للهجمات على الأنظمة التي تستخدم إصدارات البرنامج الثابت القديمة.

🤖 ملخص تنفيذي (AI)

This vulnerability affects Totolik N300RH routers commonly deployed in Saudi networks, allowing remote attackers to exploit file inclusion through parameter manipulation. The publicly available exploit increases risk for organizations using outdated firmware versions.

🤖 AI Intelligence Analysis Analyzed: May 11, 2026 02:01

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

telecom government banking

🎯 MITRE ATT&CK Techniques

T1190 T1083 T1566

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Immediately update Totolik N300RH firmware to the latest patched version beyond 6.1c.1353_B20190305. Restrict access to /cgi-bin/cstecgi.cgi through firewall rules and network segmentation. Disable remote management features if not required. Monitor router logs for suspicious file inclusion attempts.

🔧 خطوات المعالجة (العربية)

قم بتحديث برنامج Totolik N300RH الثابت فوراً إلى إصدار مصحح أحدث من 6.1c.1353_B20190305. قيد الوصول إلى /cgi-bin/cstecgi.cgi من خلال قواعد جدار الحماية والفصل الشبكي. عطل ميزات الإدارة البعيدة إذا لم تكن مطلوبة. راقب سجلات الموجه للكشف عن محاولات إدراج ملفات مريبة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1 5.2 7.1

🔵 SAMA CSF

ID.AM-2 PR.DS-1 DE.CM-1

🟡 ISO 27001:2022

A.12.6.1 A.14.2.1 A.18.1.3

🔗 References & Sources 5

🔗

https://github.com/xyh4ck/iot_poc/tree/main/TOTOLINK/N300RHv4/03_setUploadSetting_ECFNP

cna@vuldb.com

🔗

https://vuldb.com/submit/806597

cna@vuldb.com

🔗

https://vuldb.com/vuln/360579

cna@vuldb.com

🔗

https://vuldb.com/vuln/360579/cti

cna@vuldb.com

🔗

https://www.totolink.net/

cna@vuldb.com

📊 CVSS Score

6.5

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score6.5

CWECWE-73

EPSS0.16%

Exploit No

Patch ✗ No

Published 2026-05-02

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-73

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-7633

Introduce Yourself

Sign In Required