VYPR

N300rh Firmware

by Totolink

CVEs (4)

  • CVE-2026-3696HigMar 8, 2026
    risk 0.47cvss 7.3epss 0.02

    A vulnerability was found in Totolink N300RH 6..1c.1353_B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation results in os command injection. The attack can be initiated…

  • CVE-2025-6401LowJun 21, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. It has been classified as problematic. This affects an unknown part of the file /boafrm/formFilter of the component HTTP POST Message Handler. The manipulation of the argument url leads to denial of service. The…

  • CVE-2025-52089Jul 11, 2025
    risk 0.03cvss epss 0.07

    A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.54 allows an authenticated attacker to execute arbitrary OS commands with root privileges.

  • CVE-2026-3301Feb 27, 2026
    risk 0.00cvss epss 0.04

    A security flaw has been discovered in Totolink N300RH 6.1c.1353_B20190305. Affected by this vulnerability is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument webWlanIdx results in os…