N300Rh

8 CVEs product

Monthly

CVE-2026-10187 HIGH POC This Week

Stack-based buffer overflow in the Totolink N300RH router (firmware 6.1c.1353_B20190305) allows remote attackers to corrupt memory via the KeyStr argument processed by the setWiFiBasicConfig function in wireless.so, reachable through the Web Management Interface. Publicly available exploit code exists, and the CVSS 4.0 vector indicates network-reachable, unauthenticated exploitation with high impact to confidentiality, integrity, and availability. No CISA KEV listing has been published, so exploitation is not confirmed in the wild despite the public PoC.

Buffer Overflow Stack Overflow N300Rh
NVD VulDB
CVSS 4.0: 8.9; EPSS: 0.1%
CVE-2026-9543 HIGH POC This Week

OS command injection in the Totolink N300RH router (firmware 6.1c.1353_B20190305) allows remote unauthenticated attackers to execute arbitrary operating system commands by manipulating the admpass argument sent to the setPasswordCfg function in /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, and the SSVC framework rates technical impact as total with automatable exploitation, though EPSS remains low at 0.20%. The flaw is reachable over the network without authentication or user interaction, giving an attacker full control of the device.

Command Injection N300Rh
NVD VulDB GitHub
CVSS 4.0: 8.9; EPSS: 0.2%
CVE-2026-7750 HIGH POC This Week

Remote authenticated attackers can execute arbitrary code on Totolink N300RH 3.2.4-B20220812 routers via a buffer overflow in the setMacFilterRules function. Exploitation requires low-privilege authentication to the router's web interface, then sending a crafted POST request with an oversized mac_address parameter to /cgi-bin/cstecgi.cgi. Public exploit code is available (documented on Notion), significantly lowering the barrier to exploitation. EPSS data is not available, but the combination of network attack vector, publicly available POC, and vulnerable IoT device suggests moderate real-world risk for internet-exposed routers with default or weak credentials.

Buffer Overflow N300Rh
NVD VulDB
CVSS 4.0: 7.4; EPSS: 0.1%
CVE-2026-7749 HIGH POC This Week

Buffer overflow in Totolink N300RH router firmware 3.2.4-B20220812 allows authenticated remote attackers to achieve complete device compromise via a crafted DNS parameter in WAN configuration requests. The vulnerability exists in the setWanConfig function within the /cgi-bin/cstecgi.cgi POST handler and is exploitable by manipulating the priDns argument. Public exploit code is available (CVSS E:P), and the CVSS 4.0 score of 7.4 reflects high confidentiality, integrity, and availability impact on the vulnerable device with no cross-scope effects.

Buffer Overflow N300Rh
NVD VulDB
CVSS 4.0: 7.4; EPSS: 0.1%
CVE-2026-7748 HIGH POC This Week

Buffer overflow in Totolink N300RH router firmware 3.2.4-B20220812 enables authenticated remote attackers to achieve code execution via a crafted FileName parameter to the setUpgradeFW function in /cgi-bin/cstecgi.cgi. Public exploit code is available (documented in Notion). The CVSS score is 7.4, and the CVSS 4.0 Exploit maturity value 'Proof-of-concept' confirms that a POC exists. The flaw is not listed in CISA KEV, suggesting limited real-world exploitation despite the public POC.

Buffer Overflow N300Rh
NVD VulDB
CVSS 4.0: 7.4; EPSS: 0.1%
CVE-2026-7747 HIGH POC This Week

Remote unauthenticated attackers can execute arbitrary code on Totolink N300RH routers version 3.2.4-B20220812 by sending crafted Password parameter values to the loginauth authentication function in /cgi-bin/cstecgi.cgi, triggering a stack-based buffer overflow. Exploitation probability is moderate (EPSS score not provided, but publicly available exploit code exists per VulDB reference). This affects consumer-grade wireless routers often deployed in home/SOHO environments with default internet-facing management interfaces, creating significant remote compromise risk despite the device's end-of-life status.

Buffer Overflow N300Rh
NVD VulDB
CVSS 4.0: 8.9; EPSS: 0.1%
CVE-2026-7633 MEDIUM POC This Month

External file inclusion in Totolink N300RH firmware 6.1c.1353_B20190305 allows remote unauthenticated attackers to manipulate the FileName parameter in the setUploadSetting function via /cgi-bin/cstecgi.cgi, enabling arbitrary file writes and denial of service. Publicly available exploit code exists, and the vulnerability carries a CVSS score of 6.5 reflecting network-accessible attack vector with low complexity.

Information Disclosure N300Rh
NVD VulDB GitHub
CVSS 4.0: 5.5; EPSS: 0.1%
CVE-2026-6158 MEDIUM POC This Month

Remote code execution in Totolink N300RH firmware 6.1c.1353_B20190305 allows unauthenticated network attackers to execute arbitrary OS commands via command injection in the FileName parameter of the setUpgradeUboot function in upgrade.so. Publicly available exploit code exists for this vulnerability, which carries a CVSS 6.9 score reflecting network-accessible attack vector with low complexity and no authentication requirements.

Command Injection N300Rh
NVD VulDB GitHub
CVSS 4.0: 5.5; EPSS: 2.4%
