{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3301", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-26T20:33:00.808Z", "datePublished": "2026-02-27T05:32:15.135Z", "dateUpdated": "2026-02-27T18:53:12.387Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-27T05:32:15.135Z"}, "title": "Totolink N300RH Web Management cstecgi.cgi setWebWlanIdx os command injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-78", "lang": "en", "description": "OS Command Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-77", "lang": "en", "description": "Command Injection"}]}], "affected": [{"vendor": "Totolink", "product": "N300RH", "versions": [{"version": "6.1c.1353_B20190305", "status": "affected"}], "cpes": ["cpe:2.3:o:totolink:n300rh_firmware:*:*:*:*:*:*:*:*"], "modules": ["Web Management Interface"]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in Totolink N300RH 6.1c.1353_B20190305. Affected by this vulnerability is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument webWlanIdx results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 9.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "CRITICAL"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "CRITICAL"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "CRITICAL"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 10, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-02-26T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-26T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-26T21:38:06.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "xuanyu (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.348052", "name": "VDB-348052 | Totolink N300RH Web Management cstecgi.cgi setWebWlanIdx os command injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.348052", "name": "VDB-348052 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.761297", "name": "Submit #761297 | TOTOLINK N300RH_V4 V6.1c.1353_B20190305 Command Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/N300RHv4/01_setWebWlanIdx_RCE/README.md", "tags": ["exploit"]}, {"url": "https://www.totolink.net/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-27T18:53:02.851868Z", "id": "CVE-2026-3301", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T18:53:12.387Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3301", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-27T18:53:02.851868Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T18:53:09.084Z"}}], "cna": {"title": "Totolink N300RH Web Management cstecgi.cgi setWebWlanIdx os command injection", "credits": [{"lang": "en", "type": "reporter", "value": "xuanyu (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 9.3, "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 10, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:o:totolink:n300rh_firmware:*:*:*:*:*:*:*:*"], "vendor": "Totolink", "modules": ["Web Management Interface"], "product": "N300RH", "versions": [{"status": "affected", "version": "6.1c.1353_B20190305"}]}], "timeline": [{"lang": "en", "time": "2026-02-26T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-26T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-26T21:38:06.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.348052", "name": "VDB-348052 | Totolink N300RH Web Management cstecgi.cgi setWebWlanIdx os command injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.348052", "name": "VDB-348052 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.761297", "name": "Submit #761297 | TOTOLINK N300RH_V4 V6.1c.1353_B20190305 Command Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/N300RHv4/01_setWebWlanIdx_RCE/README.md", "tags": ["exploit"]}, {"url": "https://www.totolink.net/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in Totolink N300RH 6.1c.1353_B20190305. Affected by this vulnerability is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument webWlanIdx results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "OS Command Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "Command Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-27T05:32:15.135Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3301", "state": "PUBLISHED", "dateUpdated": "2026-02-27T18:53:12.387Z", "dateReserved": "2026-02-26T20:33:00.808Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-02-27T05:32:15.135Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:totolink:n300rh_firmware:6.1c.1349_b20181018:*:*:*:*:*:*:*", "matchCriteriaId": "FBEBCE02-A9A6-48EE-BCEB-DA0D345E899B", "vulnerable": true}, {"criteria": "cpe:2.3:o:totolink:n300rh_firmware:6.1c.1353_b20190305:*:*:*:*:*:*:*", "matchCriteriaId": "53CB74DE-93CC-4E74-860E-233303AF77ED", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:totolink:n300rh:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "28EE5BE0-2048-42F8-BA04-0765D82F36BE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in Totolink N300RH 6.1c.1353_B20190305. Affected by this vulnerability is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument webWlanIdx results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks."}], "id": "CVE-2026-3301", "lastModified": "2026-02-27T15:36:49.730", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-27T06:18:00.480", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/N300RHv4/01_setWebWlanIdx_RCE/README.md"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.348052"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.348052"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.761297"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://www.totolink.net/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}, {"lang": "en", "value": "CWE-78"}], "source": "cna@vuldb.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.1c.1353_B20190305"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "N300RH", "source": "cna", "vendor": "Totolink"}, "product": "n300rh", "vendor": "totolink"}], "analysis": {"en": {"generated_at": "2026-04-17T14:02:31.425584+00:00", "value": {"mitigation_remediation": ["Apply a firmware upgrade that removes the vulnerable cstecgi.cgi command injection flaw.", "If a firmware upgrade cannot be performed immediately, block remote access to the web management interface using firewall rules or network segmentation.", "If remote administration is not required, disable the web management feature entirely from the router configuration.", "Implement strict input validation on the webWlanIdx parameter to ensure only numeric values within the valid range are accepted (CWE\u201178)."], "summary": {"action": "Immediate Patch", "impact": "Remote Command Execution"}, "threat_synthesis": {"affected_systems": "All Totolink N300RH routers running firmware version 6.1c.1353_B20190305 are affected. This model is commonly sold as a consumer\u2011grade wireless access point and router in home and small office environments. Earlier firmware revisions may also contain the flaw, but the vulnerability is explicitly documented for this revision.", "description_and_impact": "The vulnerability resides in the setWebWlanIdx parameter of the /cgi-bin/cstecgi.cgi script that runs as part of the router's web management interface. Manipulating this argument allows an attacker to inject arbitrary operating\u2011system commands, which the device executes with elevated privileges. The flaw is a classic command injection and can be triggered exclusively through the network; a remote attacker simply needs to send a specially crafted HTTP request to exploit it. The impact is a full compromise of the device, giving the attacker the ability to run any command, modify firmware, or use the router as a launchpad for further attacks. This flaw exploits OS command injection weaknesses, identified as CWE\u201177 and CWE\u201178.", "risk_and_exploitability": "The CVSS base score for this vulnerability is 9.3, indicating critical severity. The EPSS score of 1% shows that the probability of exploitation in the wild is low but not negligible, especially since public exploits have already been released. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, yet the demonstrated remote attack vector and lack of legitimate mitigation paths mean it remains highly relevant to all affected deployments. Attacks can be launched from any network segment that can reach the router's management interface."}}}}, "created": "2026-02-27T16:06:11.283154+00:00", "updated": "2026-04-17T14:15:21.785543+00:00", "vendors": ["totolink", "totolink$PRODUCT$n300rh"]}