CVE-2026-1723

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1498_B20250826.

CVSS

No CVSS.

References

Link	Resource
https://github.com/PaloAltoNetworks/u42-vulnerability-disclosures/blob/main/2025/PANW-2026-0001/PANW-2026-0001.md
https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/247/ids/36.html

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Neutralización incorrecta de elementos especiales utilizados en un comando del sistema operativo (vulnerabilidad de 'inyección de comandos del sistema operativo') en TOTOLINK X6000R permite la inyección de comandos del sistema operativo. Este problema afecta a X6000R: hasta la versión V9.4.0cu.1498_B20250826.

30 Jan 2026, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-30 21:15

Updated : 2026-04-15 00:35

NVD link : CVE-2026-1723

Mitre link : CVE-2026-1723

CVE.ORG link : CVE-2026-1723

JSON object : View

Products Affected

No product.

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2026-1723", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.2, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-30T21:15:57.853", "references": [{"url": "https://github.com/PaloAltoNetworks/u42-vulnerability-disclosures/blob/main/2025/PANW-2026-0001/PANW-2026-0001.md", "source": "psirt@paloaltonetworks.com"}, {"url": "https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/247/ids/36.html", "source": "psirt@paloaltonetworks.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1498_B20250826."}, {"lang": "es", "value": "Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando del sistema operativo (vulnerabilidad de 'inyecci\u00f3n de comandos del sistema operativo') en TOTOLINK X6000R permite la inyecci\u00f3n de comandos del sistema operativo. Este problema afecta a X6000R: hasta la versi\u00f3n V9.4.0cu.1498_B20250826."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "psirt@paloaltonetworks.com"}