A vulnerability labeled as critical has been found in Totolink N300RH 6.1c.1353_B20190305 . Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface . Such manipulation of the argument admpass leads to os command injection. This vulnerability is documented as CVE-2026-9543 . The attack can be executed remotely. Additionally, an exploit exists.