Totolink N300RH Router Hit by Remote Command Injection
The National Vulnerability Database (NVD) has documented CVE-2026-6158, a high-severity flaw impacting the Totolink N300RH router, specifically version 6.1c.1353_B20190305. This vulnerability resides within the setUpgradeUboot function of the upgrade.so file, where improper handling of the FileName argument leads to an operating system command injection.
This isn’t just some theoretical bug; the NVD notes that the exploit for this command injection is public, making it a live threat. Attackers can leverage this remotely, potentially gaining control over affected devices. With a CVSS score of 7.3 (HIGH), this is a serious issue that demands immediate attention, falling under the notorious CWE-77 and CWE-78 categories for command injection.
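A sketch of the input handling that closes this class of bug (CWE-78) for a FileName-style argument, added here as an illustration and not taken from Totolink's firmware. `MAX_NAME_LEN`, the `/tmp` upload directory and the `/sbin/flash_uboot` helper are assumptions; the point is an allowlist on the name plus an argument vector that never passes through a shell.

```c
#include <stdio.h>
#include <string.h>

#define MAX_NAME_LEN 64 /* assumed limit, not taken from the firmware */

/* Allowlist check: 1..MAX_NAME_LEN chars from [A-Za-z0-9._-], no leading
 * '.' or '-' (hidden file, option injection), no "..". Shell
 * metacharacters, whitespace and '/' all fail the check. */
int is_safe_filename(const char *name)
{
    size_t len = 0, i;

    if (name == NULL || (len = strlen(name)) == 0 || len > MAX_NAME_LEN)
        return 0;
    if (name[0] == '.' || name[0] == '-' || strstr(name, "..") != NULL)
        return 0;
    for (i = 0; i < len; i++) {
        char c = name[i];
        if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
              (c >= '0' && c <= '9') || c == '.' || c == '_' || c == '-'))
            return 0;
    }
    return 1;
}

/* Build an exec-style argument vector so the name reaches the helper as a
 * single argument instead of being spliced into a shell command string.
 * Returns 0 on success, -1 if the name is rejected or the path is too long. */
int build_upgrade_argv(const char *name, char *path, size_t path_sz,
                       const char *argv[3])
{
    int n;
    if (!is_safe_filename(name))
        return -1;
    n = snprintf(path, path_sz, "/tmp/%s", name); /* assumed upload dir */
    if (n < 0 || (size_t)n >= path_sz)
        return -1;
    argv[0] = "/sbin/flash_uboot"; /* hypothetical helper binary */
    argv[1] = path;
    argv[2] = NULL;
    return 0;
}

int main(void)
{
    /* Constructed sample values, not captured traffic */
    const char *s[] = { "uboot-1.2.bin", "fw.bin;reboot", "../uboot.bin" };
    for (size_t i = 0; i < 3; i++)
        printf("%-14s %s\n", s[i], is_safe_filename(s[i]) ? "accept" : "reject");
    return 0;
}
```

The resulting `argv` is meant for an `execv`-family call; handing the same string to `system()` or `popen()` would bring the shell back into the path.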
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-6158 | Command Injection | Totolink N300RH version 6.1c.1353_B20190305 |
| CVE-2026-6158 | Command Injection | Vulnerable function: setUpgradeUboot in upgrade.so |
| CVE-2026-6158 | Command Injection | Vulnerable argument: FileName |
| CVE-2026-6158 | Command Injection | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |