Which versions of Totolink N300RT are affected by CVE-2026-7218?

CVE-2026-7218 is a high-severity buffer overflow in Totolink N300RT wireless routers (version 3.4.0-B20250430) that allows authenticated administrators to execute arbitrary code with full system…

Is there a public PoC exploit available for CVE-2026-7218?

Yes, a public proof-of-concept exploit is available for CVE-2026-7218. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2026-7218?

Within 24 hours: Inventory all Totolink N300RT devices, identify version 3.4.0-B20250430 instances, and document network location and administrative access controls. Within 7 days: Restrict administrative access to routers via network segmentation (limit admin panel access to dedicated management VLANs); disable WPS if operationally feasible; monitor for suspicious configuration changes in device logs. Within 30 days: Contact Totolink for patched firmware release timeline; evaluate replacement with vendor devices maintaining active security support; apply patch immediately upon release to all affected N300RT units.

Totolink N300RT CVE-2026-7218

Q: What is the CVSS score of CVE-2026-7218?

CVE-2026-7218 has a CVSS 4.0 base score of 7.3 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-25974 HIGH

Classic Buffer Overflow (CWE-120)

2026-04-28 VulDB

Buffer Overflow N300Rt

7.3

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.3 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

Apr 28, 2026 - 20:24 vuln.today

Public exploit code

Analysis Updated

Apr 28, 2026 - 03:31 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 28, 2026 - 03:22 vuln.today

cvss_changed

CVSS changed

Apr 28, 2026 - 03:22 NVD

7.2 (HIGH) 7.3 (HIGH)

Analysis Generated

Apr 28, 2026 - 03:16 vuln.today

EUVD ID Assigned

Apr 28, 2026 - 03:00 euvd

EUVD-2026-25974

Analysis Generated

Apr 28, 2026 - 03:00 vuln.today

CVE Published

Apr 28, 2026 - 02:45 nvd

HIGH 7.3

DescriptionCVE.org

A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The impacted element is the function is_cmd_string_valid of the file /boafrm/formWsc of the component libapmib.so. Performing a manipulation of the argument localPin results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.

AnalysisAI

Buffer overflow in Totolink N300RT 3.4.0-B20250430 enables authenticated remote code execution via the WPS configuration handler. An attacker with administrative credentials (PR:H) can send a crafted localPin parameter to /boafrm/formWsc, overflowing a buffer in the is_cmd_string_valid function (libapmib.so) to execute arbitrary code with full system access (VC:H/VI:H/VA:H). …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon

Obtain admin credentials

Delivery

Authenticate to web interface

Exploit

Send crafted POST to /boafrm/formWsc

Install

Trigger buffer overflow in is_cmd_string_valid

Overwrite return address

Execute

Execute shellcode as root

Impact

Establish persistence via firmware modification