CVE-2026-3301

CWE-77Command InjectionCWE-78OS Command Injection3 documents3 sources
Severity
8.9HIGH
EPSS
1.0%
top 22.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink N300rhTotolink N300rh Firmware
Timeline
PublishedFeb 27

Description

A security flaw has been discovered in Totolink N300RH 6.1c.1353_B20190305. Affected by this vulnerability is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument webWlanIdx results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5totolink/n300rh6.1c.1353_B20190305
NVDtotolink/n300rh_firmware6.1c.1349_b20181018, 6.1c.1353_b20190305+1

🔴Vulnerability Details

2
CVEList
Totolink N300RH Web Management cstecgi.cgi setWebWlanIdx os command injection2026-02-27
GHSA
GHSA-jppp-pmhm-3cp9: A security flaw has been discovered in Totolink N300RH 62026-02-27
CVE-2026-3301 (HIGH CVSS 8.9) | A security flaw has been discovered | cvebase.io