CVE-2026-3301 identifies a critical OS command injection vulnerability in the Totolink N300RH router, firmware version 6.1c.1353_B20190305. The vulnerability resides in the setWebWlanIdx function within the /cgi-bin/cstecgi.cgi component of the device's web management interface. By manipulating the webWlanIdx argument, an attacker can inject arbitrary operating system commands that the device executes with the privileges of the web server process. This flaw is remotely exploitable without requiring authentication or user interaction, making it highly accessible to attackers. The vulnerability is classified as critical with a CVSS 4.0 score of 9.3, reflecting its high impact on confidentiality, integrity, and availability. The attack vector is network-based (AV:N), with low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The vulnerability affects the device's core management interface, potentially allowing full device compromise, unauthorized configuration changes, or pivoting into internal networks. Although no active exploitation has been reported, the public release of exploit code increases the urgency for mitigation. No official patches have been linked yet, indicating that affected users must rely on alternative mitigations until a firmware update is available.

The impact of CVE-2026-3301 is severe for organizations using the Totolink N300RH router, particularly those running the vulnerable firmware version. Successful exploitation allows remote attackers to execute arbitrary OS commands, leading to full device compromise. This can result in unauthorized access to network traffic, interception or manipulation of data, disruption of network services, and potential lateral movement within internal networks. The confidentiality, integrity, and availability of organizational networks are at risk. Compromised routers can be used as entry points for further attacks, including data exfiltration, deployment of malware, or establishing persistent backdoors. Small and medium enterprises, home users, and branch offices relying on this device are especially vulnerable. The lack of authentication and user interaction requirements lowers the barrier for attackers, increasing the likelihood of exploitation. The public availability of exploit code further elevates the threat level globally.

1. Immediately check the firmware version of all Totolink N300RH devices and isolate those running version 6.1c.1353_B20190305. 2. Monitor the vendor's official channels for firmware updates or patches addressing this vulnerability and apply them promptly once available. 3. If no patch is available, restrict access to the router's web management interface by limiting exposure to trusted internal networks only, using firewall rules or network segmentation. 4. Disable remote management features if not required to reduce the attack surface. 5. Implement network intrusion detection/prevention systems (IDS/IPS) with signatures to detect exploitation attempts targeting the webWlanIdx parameter. 6. Regularly audit router configurations and logs for suspicious activities indicative of exploitation. 7. Consider replacing vulnerable devices if timely patches are not provided, especially in high-security environments. 8. Educate network administrators about the risks and signs of exploitation related to this vulnerability.