top of page
perceptive_background_267k.jpg

TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function.

Published:

28 April 2026 at 22:00:00

Alert date:

29 April 2026 at 22:05:38

Source:

nvd.nist.gov

Click to open the original link from this advisory

Network Infrastructure, Mobile & IoT

A command injection vulnerability was discovered in TOTOLINK N200RE V5 router firmware. The vulnerability exists in the formMapDelDevice function and can be exploited through the macstr and bandstr parameters. This security flaw allows attackers to execute arbitrary commands on the affected device. The vulnerability has been assigned CVE-2026-36841 and affects the router's web interface functionality. Proof-of-concept code has been made available on GitHub demonstrating the exploitation technique.

Technical details

Mitigation steps:

Affected products:

TOTOLINK N200RE

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-36841
https://github.com/0xmania/cve/tree/main/TOTOLINK-N200RE_V5-cstecgi-formMapDelDevice-CommandInjection

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page