PT-2026-22302 · Totolink · Totolink N300Rt

Xuanyu · Published 2026-02-27 · Updated 2026-03-04 · CVE-2026-3301

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Totolink N300RH version 6.1c.1353 B20190305

Description

A security flaw exists in the Totolink N300RH router. The issue is located in the setWebWlanIdx function of the /cgi-bin/cstecgi.cgi file within the Web Management Interface component. Manipulation of the webWlanIdx argument can lead to operating system command injection. The attack can be initiated remotely. The exploit for this issue has been publicly released.

Recommendations

For Totolink N300RH version 6.1c.1353 B20190305, temporarily disable the Web Management Interface to prevent remote exploitation of the setWebWlanIdx function.

Exploit

Fix

RCE

OS Command Injection

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2026-02537
CVE-2026-3301

Affected Products

Totolink N300Rt