N300rh Firmware
CVE-2026-3696
MEDIUM
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
A vulnerability was found in Totolink N300RH 6..1c.1353_B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used.
AnalysisAI
OS command injection in Totolink N300RH firmware allows unauthenticated remote attackers to execute arbitrary commands through the setWiFiWpsConfig function in the CGI handler. Public exploit code exists for this vulnerability, and no patch is currently available. Affected users should restrict network access to the device's management interface until a fix is released.
Technical ContextAI
Classified as CWE-77 (Command Injection). Affects N300Rh Firmware. A vulnerability was found in Totolink N300RH 6..1c.1353_B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in N300rh Firmware
View allCommand injection in TOTOLINK N300RH router firmware 6.1c.1353 via setDiagnosisCfg handler. EPSS 4.0% with PoC available
CVE-2025-6400 is a critical buffer overflow vulnerability in TOTOLINK N300RH router firmware version 6.1c.1390_B20191101
A vulnerability classified as critical was found in TOTOLINK N300RH 6.1c.1390_B20191101. Rated medium severity (CVSS 5.3
A vulnerability classified as critical has been found in TOTOLINK N300RH 6.1c.1390_B20191101. Rated medium severity (CVS
A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. Rated medium severity (CVSS 5.3), this vulnerability i
Same weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today