CVE-2026-3696Command Injection in N300rh

CWE-77Command InjectionCWE-78OS Command Injection3 documents3 sources
Severity
6.9MEDIUMNVD
EPSS
1.9%
top 16.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink N300rhTotolink N300rh Firmware
Timeline
PublishedMar 8

Description

A vulnerability was found in Totolink N300RH 6..1c.1353_B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5totolink/n300rh6..1c.1353_B20190305
NVDtotolink/n300rh_firmware6.1c.1353_b20190305

🔴Vulnerability Details

2
GHSA
GHSA-g54x-w5rq-2789: A vulnerability was found in Totolink N300RH 62026-03-08
CVEList
Totolink N300RH CGI cstecgi.cgi setWiFiWpsConfig os command injection2026-03-08
CVE-2026-3696 — Command Injection in Totolink N300rh | cvebase