Totolink N300rh Firmware
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Totolink N300rh Firmware.
By the Year
In 2026 there have been 2 vulnerabilities in Totolink N300rh Firmware with an average score of 8.6 out of ten. Last year, in 2025 N300rh Firmware had 5 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in N300rh Firmware in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.91.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 8.55 |
| 2025 | 5 | 7.64 |
It may take a day or so for new N300rh Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Totolink N300rh Firmware Security Vulnerabilities
TOTOLINK N300RH CGI Handler WPS Command Injection
CVE-2026-3696
7.3 - High
- March 08, 2026
A vulnerability was found in Totolink N300RH 6..1c.1353_B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used.
Shell injection
OS Command Injection in Totolink N300RH 6.1c.1353 Web Management Interface
CVE-2026-3301
9.8 - Critical
- February 27, 2026
A security flaw has been discovered in Totolink N300RH 6.1c.1353_B20190305. Affected by this vulnerability is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument webWlanIdx results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
Shell injection
TOTOLINK N300RH 6.1c DoS via HTTP POST /boafrm/formFilter
CVE-2025-6401
3.5 - Low
- June 21, 2025
A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. It has been classified as problematic. This affects an unknown part of the file /boafrm/formFilter of the component HTTP POST Message Handler. The manipulation of the argument url leads to denial of service. The exploit has been disclosed to the public and may be used.
Improper Resource Shutdown or Release
Critical BF in TOTOLINK N300RH 6.1c.1390_B20191101 HTTP /boafrm/formPortFw
CVE-2025-6400
8.8 - High
- June 21, 2025
A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formPortFw of the component HTTP POST Message Handler. The manipulation of the argument service_type leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Buffer Overflow
TOTOLINK N300RH 6.1c: Critical CMD Injection in /cgi-bin/cstecgi.cgi
CVE-2025-4851
9.8 - Critical
- May 18, 2025
A vulnerability classified as critical was found in TOTOLINK N300RH 6.1c.1390_B20191101. This vulnerability affects the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Command Injection
Command Injection in TOTOLINK N300RH 6.1c via setUnloadUserData CGI
CVE-2025-4850
6.3 - Medium
- May 18, 2025
A vulnerability classified as critical has been found in TOTOLINK N300RH 6.1c.1390_B20191101. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Command Injection
Crit CmdInj in CloudACMunualUpdateUserdata on TOTOLINK N300RH 6.1c.1390
CVE-2025-4849
9.8 - Critical
- May 18, 2025
A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. It has been rated as critical. Affected by this issue is the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument url leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Command Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Totolink N300rh Firmware or by Totolink? Click the Watch button to subscribe.
