CVE-2026-3696 | Totolink N300RH 6..1c.1353_B20190305 CGI /cgi-bin/cstecgi.cgi setWiFiWpsConfig os command injection

Inserito da Angelo Barbosa | Mar 7, 2026 | CVE

A vulnerability was found in Totolink N300RH 6..1c.1353_B20190305. It has been classified as critical. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation results in os command injection.

This vulnerability is identified as CVE-2026-3696. The attack can be initiated remotely. Additionally, an exploit exists.

CVE-2026-3696 | Totolink N300RH 6..1c.1353_B20190305 CGI /cgi-bin/cstecgi.cgi setWiFiWpsConfig os command injection

Post correlati

CVE-2025-52453 | Salesforce Tableau Server prior 2023.3.19/2024.2.12/2025.1.3 on Windows/Linux Data Source Module server-side request forgery

CVE-2026-28106 | Kings Plugins B2BKing Premium Plugin up to 5.3.80 on WordPress redirect

CVE-2024-2790 | HT Mega Plugin up to 2.4.8 on WordPress Accordion/FAQ cross site scripting

CVE-2021-47841 | gurayyarar SnipCommand 0.1.0 cross site scripting (Exploit 49829 / EDB-49829)