VYPR

N300RH

by Totolink

CVEs (19)

  • CVE-2026-10187CriMay 31, 2026
    risk 0.64cvss 9.8epss 0.01

    A vulnerability was detected in Totolink N300RH 6.1c.1353_B20190305. Affected by this issue is the function setWiFiBasicConfig of the file wireless.so of the component Web Management Interface. Performing a manipulation of the argument KeyStr results in stack-based buffer…

  • CVE-2026-9543CriMay 26, 2026
    risk 0.64cvss 9.8epss 0.02

    A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be…

  • CVE-2026-7747CriMay 4, 2026
    risk 0.64cvss 9.8epss 0.01

    A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument Password results in buffer overflow.…

  • CVE-2025-34319CriDec 3, 2025
    risk 0.61cvss epss 0.04

    TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8-B20201030.1539) contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger…

  • CVE-2025-52089HigJul 11, 2025
    risk 0.61cvss 8.8epss 0.07

    A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.54 allows an authenticated attacker to execute arbitrary OS commands with root privileges.

  • CVE-2026-7750HigMay 4, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument mac_address results in buffer overflow. The attack…

  • CVE-2026-7749HigMay 4, 2026
    risk 0.57cvss 8.8epss 0.01

    A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument priDns leads to buffer overflow. The attack may be…

  • CVE-2026-7748HigMay 4, 2026
    risk 0.57cvss 8.8epss 0.00

    A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument FileName can lead to buffer overflow. The…

  • CVE-2025-6400HigJun 21, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formPortFw of the component HTTP POST Message Handler. The manipulation of the argument service_type leads to…

  • CVE-2026-6158HigApr 13, 2026
    risk 0.48cvss 7.3epss 0.01

    A flaw has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setUpgradeUboot of the file upgrade.so. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The exploit has been…

  • CVE-2026-7219HigApr 28, 2026
    risk 0.47cvss 7.2epss 0.01

    A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argument entry_name can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and…

  • CVE-2026-7218HigApr 28, 2026
    risk 0.47cvss 7.2epss 0.00

    A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The impacted element is the function is_cmd_string_valid of the file /boafrm/formWsc of the component libapmib.so. Performing a manipulation of the argument localPin results in buffer overflow. The attack is…

  • CVE-2026-3696HigMar 8, 2026
    risk 0.47cvss 7.3epss 0.02

    A vulnerability was found in Totolink N300RH 6..1c.1353_B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation results in os command injection. The attack can be initiated…

  • CVE-2026-7633MedMay 2, 2026
    risk 0.42cvss 6.5epss 0.00

    A vulnerability was identified in Totolink N300RH 6.1c.1353_B20190305. This impacts the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument FileName leads to file inclusion. The attack may be performed from remote. The exploit is…

  • CVE-2025-4851MedMay 18, 2025
    risk 0.41cvss 6.3epss 0.01

    A vulnerability classified as critical was found in TOTOLINK N300RH 6.1c.1390_B20191101. This vulnerability affects the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injection. The attack can be initiated…

  • CVE-2025-4850MedMay 18, 2025
    risk 0.41cvss 6.3epss 0.01

    A vulnerability classified as critical has been found in TOTOLINK N300RH 6.1c.1390_B20191101. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name leads to command injection. It is possible to initiate the…

  • CVE-2025-4849MedMay 18, 2025
    risk 0.41cvss 6.3epss 0.01

    A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. It has been rated as critical. Affected by this issue is the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument url leads to command injection. The attack may…

  • CVE-2025-6401LowJun 21, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. It has been classified as problematic. This affects an unknown part of the file /boafrm/formFilter of the component HTTP POST Message Handler. The manipulation of the argument url leads to denial of service. The…

  • CVE-2026-3301Feb 27, 2026
    risk 0.00cvss epss 0.04

    A security flaw has been discovered in Totolink N300RH 6.1c.1353_B20190305. Affected by this vulnerability is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument webWlanIdx results in os…