Which versions of Totolink WA300 are affected by CVE-2026-7719?

CVE-2026-7719 is a high-severity remote code execution vulnerability affecting Totolink WA300 wireless repeaters running firmware 5.2cu.7112_B20190227, allowing unauthenticated attackers to…

Is there a public PoC exploit available for CVE-2026-7719?

Yes, a public proof-of-concept exploit is available for CVE-2026-7719. Prioritise patching immediately. EPSS: 0.1%.

Totolink WA300 CVE-2026-7719

Q: What is the CVSS score of CVE-2026-7719?

CVE-2026-7719 has a CVSS 4.0 base score of 8.9 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-26870 HIGH

Classic Buffer Overflow (CWE-120)

2026-05-04 VulDB

Buffer Overflow

8.9

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

May 04, 2026 - 15:18 vuln.today

Public exploit code

Analysis Generated

May 04, 2026 - 02:30 vuln.today

Severity Changed

May 04, 2026 - 02:22 NVD

CRITICAL HIGH

CVSS changed

May 04, 2026 - 02:22 NVD

9.8 (CRITICAL) 8.9 (HIGH)

EUVD ID Assigned

May 04, 2026 - 02:15 euvd

EUVD-2026-26870

Analysis Generated

May 04, 2026 - 02:15 vuln.today

CVE Published

May 04, 2026 - 01:30 nvd

HIGH 8.9

DescriptionNVD

A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument http_host results in buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

AnalysisAI

Remote unauthenticated buffer overflow in Totolink WA300 wireless repeater firmware version 5.2cu.7112_B20190227 enables complete device compromise via crafted HTTP POST requests to the login authentication handler. The vulnerability resides in the loginauth function within /cgi-bin/cstecgi.cgi, where insufficient validation of the http_host parameter allows attackers to overflow memory and achieve arbitrary code execution with device privileges. …

RemediationAI

Within 24 hours: Identify and inventory all Totolink WA300 repeaters in production, confirm firmware version via admin console or SNMP queries, and isolate affected units to network segments with restricted access controls. Within 7 days: Contact Totolink support to confirm patch availability timeline and interim firmware options; if no patch timeline exists, implement network-level compensating controls (WAF rules blocking POST to /cgi-bin/cstecgi.cgi with oversized http_host parameters, or disable HTTP admin access via firewall rules). …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7719 vulnerability details – vuln.today

Back

Totolink WA300 CVE-2026-7719

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Totolink WA300 CVE-2026-7719

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code