Lucene search
K

The vulnerability of the setWiFiWpsConfig() function in the /cgi-bin/cstecgi.cgi script of the TOTOLINK N300RH router’s microprogramming software, allowing a hacker to execute any command with root privileges.

🗓️ 01 Apr 2026 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType 
bdu_fstec
 bdu_fstec
🔗 bdu.fstec.ru👁 1 Views

Vulnerability in setWiFiWpsConfig() on TOTOLINK N300RH enables remote root command execution via unsanitized commands.

Related
Detection
Refs
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2026-3696
8 Mar 202600:32
attackerkb
CNNVD
TOTOLINK N300RH 操作系统命令注入漏洞
8 Mar 202600:00
cnnvd
CVE
CVE-2026-3696
8 Mar 202600:32
cve
Cvelist
CVE-2026-3696 Totolink N300RH CGI cstecgi.cgi setWiFiWpsConfig os command injection
8 Mar 202600:32
cvelist
EUVD
EUVD-2026-10203
8 Mar 202603:30
euvd
NVD
CVE-2026-3696
8 Mar 202601:15
nvd
OSV
CVE-2026-3696
8 Mar 202601:15
osv
Positive Technologies
PT-2026-23896
8 Mar 202600:00
ptsecurity
RedhatCVE
CVE-2026-3696
9 Mar 202601:42
redhatcve
Vulnrichment
CVE-2026-3696 Totolink N300RH CGI cstecgi.cgi setWiFiWpsConfig os command injection
8 Mar 202600:32
vulnrichment
Rows per page
Vulners
Node
totolinkn300rhMatch6.1c.1353_b20190305

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation