Description
A security flaw has been discovered in Totolink N300RH 6.1c.1353_B20190305. Affected by this vulnerability is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument webWlanIdx results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
Published: 2026-02-27
Score: 9.3 Critical
EPSS: 1.1% Low
KEV: No
Impact: Remote Command Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability resides in the setWebWlanIdx handler of the /cgi-bin/cstecgi.cgi script, which runs as part of the router's web management interface. The webWlanIdx argument is not neutralized before use, so an attacker can inject arbitrary operating-system commands that the device executes with elevated privileges. The flaw is a classic command injection and is triggered over the network: a remote attacker only needs to send a specially crafted HTTP request. The impact is a full compromise of the device, giving the attacker the ability to run any command, modify the firmware, or use the router as a pivot for further attacks. The weakness is classified as CWE-77 (command injection) and CWE-78 (OS command injection).

Affected Systems

All Totolink N300RH routers running firmware version 6.1c.1353_B20190305 are affected. This model is a consumer-grade wireless router and access point commonly used in home and small-office environments. Earlier firmware revisions may also contain the flaw, but the vulnerability is explicitly documented only for this revision.

Risk and Exploitability

The CVSS base score for this vulnerability is 9.3 (CVSS 4.0), indicating critical severity. The EPSS score of 1% indicates that the probability of exploitation in the wild is low but not negligible, particularly since a public exploit has already been released. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, yet the demonstrated remote attack vector and the absence of a vendor fix or workaround mean it remains highly relevant to all affected deployments. Attacks can be launched from any network segment that can reach the router's management interface.

Generated by OpenCVE AI on April 17, 2026 at 14:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a firmware upgrade that removes the vulnerable cstecgi.cgi command injection flaw.
  • If a firmware upgrade cannot be performed immediately, block remote access to the web management interface using firewall rules or network segmentation.
  • If remote administration is not required, disable the web management feature entirely from the router configuration.
  • Implement strict input validation on the webWlanIdx parameter to ensure only numeric values within the valid range are accepted (CWE‑78).
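The last recommendation above, shown as an added example (this is not code from the advisory or from Totolink's firmware): a C handler that allow-lists webWlanIdx as a small integer index and selects an interface name from a fixed table, so the raw request value never reaches a shell. MAX_WLAN_IDX, the interface names and the function names are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Assumed upper bound on the device's WLAN interface indices. */
#define MAX_WLAN_IDX 3

/* Unsafe pattern the advisory describes (not executed here): the raw
 * parameter is pasted into a command line and handed to a shell, e.g.
 *   snprintf(cmd, sizeof cmd, "some_tool %s", raw); system(cmd);
 * Any shell metacharacter in "raw" then becomes part of the command. */

/* Strict allow-list parse of webWlanIdx: ASCII digits only, no sign,
 * no whitespace, no leading zeros, value within [0, MAX_WLAN_IDX].
 * Returns the index or -1 on any deviation. */
int parse_wlan_idx(const char *s) {
    if (s == NULL) return -1;
    size_t n = strlen(s);
    if (n == 0 || n > 3) return -1;              /* bounded length */
    for (size_t i = 0; i < n; i++)
        if (!isdigit((unsigned char)s[i])) return -1;
    if (n > 1 && s[0] == '0') return -1;         /* canonical form only */
    long v = strtol(s, NULL, 10);                /* cannot overflow: <= 3 digits */
    if (v < 0 || v > MAX_WLAN_IDX) return -1;
    return (int)v;
}

/* Hardened handler: the validated integer (never the raw string) picks an
 * entry from a fixed table, so no attacker-controlled bytes are used to
 * build a command. Returns the interface name, or NULL when rejected. */
const char *select_wlan_iface(const char *raw_param) {
    static const char *const ifaces[MAX_WLAN_IDX + 1] = {
        "wlan0", "wlan1", "wlan2", "wlan3"       /* assumed names */
    };
    int idx = parse_wlan_idx(raw_param);
    if (idx < 0) return NULL;                    /* reject, log, return error */
    return ifaces[idx];
}
```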



Advisories

No advisories yet.

History

Fri, 27 Feb 2026 19:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 27 Feb 2026 15:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Totolink n300rh
CPEs | | cpe:2.3:h:totolink:n300rh:4.0:*:*:*:*:*:*:*
 | | cpe:2.3:o:totolink:n300rh_firmware:6.1c.1349_b20181018:*:*:*:*:*:*:*
 | | cpe:2.3:o:totolink:n300rh_firmware:6.1c.1353_b20190305:*:*:*:*:*:*:*
Vendors & Products | | Totolink n300rh

Fri, 27 Feb 2026 05:45:00 +0000

Type | Values Removed | Values Added
Description | | A security flaw has been discovered in Totolink N300RH 6.1c.1353_B20190305. Affected by this vulnerability is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument webWlanIdx results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
Title | | Totolink N300RH Web Management cstecgi.cgi setWebWlanIdx os command injection
First Time appeared | | Totolink
 | | Totolink n300rh Firmware
Weaknesses | | CWE-77
 | | CWE-78
CPEs | | cpe:2.3:o:totolink:n300rh_firmware:*:*:*:*:*:*:*:*
Vendors & Products | | Totolink
 | | Totolink n300rh Firmware
References | |
Metrics | | cvssV2_0 {'score': 10, 'vector': 'AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0 {'score': 9.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV4_0 {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE
  Status: PUBLISHED
  Assigner: VulDB
  Published:
  Updated: 2026-02-27T18:53:12.387Z
  Reserved: 2026-02-26T20:33:00.808Z
  Link: CVE-2026-3301

Vulnrichment
  Updated: 2026-02-27T18:53:09.084Z

NVD
  Status: Analyzed
  Published: 2026-02-27T06:18:00.480
  Modified: 2026-02-27T15:36:49.730
  Link: CVE-2026-3301

Redhat
  No data.

OpenCVE Enrichment
  Updated: 2026-04-17T14:15:21Z

Weaknesses