Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument File can lead to buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
AnalysisAI
Buffer overflow in Totolink WA300 wireless range extender firmware 5.2cu.7112_B20190227 allows authenticated remote attackers to execute arbitrary code or crash the device via crafted File parameter to the UploadCustomModule function in /cgi-bin/cstecgi.cgi. Public proof-of-concept exploit exists (documented in Notion page), enabling low-skill exploitation. EPSS data not available, but low attack complexity (AC:L) and network attack vector (AV:N) combined with public POC indicate elevated real-world risk for affected devices exposed to untrusted authenticated users.
Technical ContextAI
This vulnerability affects the Totolink WA300 wireless range extender, specifically the POST request handler in the /cgi-bin/cstecgi.cgi CGI endpoint. The underlying issue is CWE-120 (Buffer Copy Without Checking Size of Input), a classic memory safety flaw in C/C++ code common in embedded device firmware. The UploadCustomModule function fails to validate the size of data passed through the File parameter before copying it to a fixed-size buffer, allowing an attacker to write beyond buffer boundaries. This class of vulnerability in CGI handlers is particularly dangerous because it processes network-reachable HTTP requests and typically runs with elevated privileges on embedded devices. The affected CPE string (cpe:2.3:a:totolink:wa300:*:*:*:*:*:*:*:*) indicates all versions of the WA300 product line may be vulnerable, though the description specifically confirms version 5.2cu.7112_B20190227.
RemediationAI
Check Totolink's official support site (https://www.totolink.net/) for firmware updates for the WA300 model, though no specific patched version is confirmed in available intelligence at time of analysis. If updated firmware is available, upgrade immediately following vendor instructions. In absence of vendor patch, implement compensating controls: restrict administrative access to the device management interface to trusted networks only by disabling remote management and accessing only via local LAN; change default administrative credentials to strong unique passwords (minimum 16 characters) to raise the authentication barrier; place WA300 devices on isolated network segments without direct internet exposure to management interfaces; monitor device logs for unexpected POST requests to /cgi-bin/cstecgi.cgi; consider replacing affected devices with alternative models if vendor support appears abandoned (last confirmed firmware from 2019). Note that disabling the UploadCustomModule functionality may not be user-configurable. Device replacement may be most practical solution given the age of affected firmware and potential lack of ongoing vendor support for this consumer product line.
Remote unauthenticated buffer overflow in Totolink WA300 wireless repeater firmware version 5.2cu.7112_B20190227 enables
A critical OS command injection vulnerability exists in Totolink WA300 router firmware version 5.2cu.7112_B20190227, spe
Command injection in Totolink WA300 firmware version 5.2cu.7112_B20190227 allows authenticated remote attackers to execu
Command injection in Totolink WA300 5.2cu.7112_B20190227 allows authenticated remote attackers to execute arbitrary comm
Command injection in Totolink WA300 firmware version 5.2cu.7112_B20190227 allows authenticated remote attackers to execu
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26868