Totolink N300rh Firmware
By the Year
In 2026 there have been 9 vulnerabilities in Totolink N300rh Firmware with an average score of 8.5 out of ten. Last year, in 2025, N300rh Firmware had 5 security vulnerabilities published. That is, 4 more vulnerabilities have already been reported in 2026 than last year. The average CVE base score of the vulnerabilities in 2026 is also greater, by 0.90.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 9 | 8.54 |
| 2025 | 5 | 7.64 |
It may take a day or so for new N300rh Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Totolink N300rh Firmware Security Vulnerabilities
Totolink N300RH 6.1c Remote OS Cmd Injection via setPasswordCfg
CVE-2026-9543
9.8 - Critical
- May 26, 2026
A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
Shell injection
Buffer Overflow in Totolink N300RH 3.2.4-B20220812 setMacFilterRules
CVE-2026-7750
8.8 - High
- May 04, 2026
A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument mac_address results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used.
Classic Buffer Overflow
Remote Buffer Overflow in Totolink N300RH 3.2.4 setWanConfig (POST)
CVE-2026-7749
8.8 - High
- May 04, 2026
A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument priDns leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
Classic Buffer Overflow
Totolink N300RH 3.2.4 Buffer Overflow in POST Request Handler
CVE-2026-7748
8.8 - High
- May 04, 2026
A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument FileName can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
Classic Buffer Overflow
Totolink N300RH 3.2.4 Param.Handler loginauth Buffer Overflow CVE-2026-7747
CVE-2026-7747
9.8 - Critical
- May 04, 2026
A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument Password results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
Classic Buffer Overflow
RFI in Totolink N300RH 6.1c via setUploadSetting
CVE-2026-7633
6.5 - Medium
- May 02, 2026
A vulnerability was identified in Totolink N300RH 6.1c.1353_B20190305. This impacts the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument FileName leads to file inclusion. The attack may be performed remotely. The exploit is publicly available and might be used.
External Control of File Name or Path
Totolink N300RH 6.1c OS Command Injection via setUpgradeUboot in upgrade.so
CVE-2026-6158
7.3 - High
- April 13, 2026
A flaw has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setUpgradeUboot of the file upgrade.so. This manipulation of the argument FileName causes os command injection. The attack can be carried out remotely. The exploit has been published and may be used.
Shell injection
TOTOLINK N300RH CGI Handler WPS Command Injection
CVE-2026-3696
7.3 - High
- March 08, 2026
A vulnerability was found in Totolink N300RH 6.1c.1353_B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used.
Shell injection
OS Command Injection in Totolink N300RH 6.1c.1353 Web Management Interface
CVE-2026-3301
9.8 - Critical
- February 27, 2026
A security flaw has been discovered in Totolink N300RH 6.1c.1353_B20190305. Affected by this vulnerability is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument webWlanIdx results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
Shell injection
TOTOLINK N300RH 6.1c DoS via HTTP POST /boafrm/formFilter
CVE-2025-6401
3.5 - Low
- June 21, 2025
A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. It has been classified as problematic. This affects an unknown part of the file /boafrm/formFilter of the component HTTP POST Message Handler. The manipulation of the argument url leads to denial of service. The exploit has been disclosed to the public and may be used.
Improper Resource Shutdown or Release
Critical BF in TOTOLINK N300RH 6.1c.1390_B20191101 HTTP /boafrm/formPortFw
CVE-2025-6400
8.8 - High
- June 21, 2025
A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formPortFw of the component HTTP POST Message Handler. The manipulation of the argument service_type leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Buffer Overflow
TOTOLINK N300RH 6.1c: Critical CMD Injection in /cgi-bin/cstecgi.cgi
CVE-2025-4851
9.8 - Critical
- May 18, 2025
A vulnerability classified as critical was found in TOTOLINK N300RH 6.1c.1390_B20191101. This vulnerability affects the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Command Injection
Command Injection in TOTOLINK N300RH 6.1c via setUnloadUserData CGI
CVE-2025-4850
6.3 - Medium
- May 18, 2025
A vulnerability classified as critical has been found in TOTOLINK N300RH 6.1c.1390_B20191101. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Command Injection
Crit CmdInj in CloudACMunualUpdateUserdata on TOTOLINK N300RH 6.1c.1390
CVE-2025-4849
9.8 - Critical
- May 18, 2025
A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. It has been rated as critical. Affected by this issue is the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument url leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Command Injection