Skip to main content

Totolink N300RH CVE-2026-7747

| EUVDEUVD-2026-26937 HIGH
Classic Buffer Overflow (CWE-120)
2026-05-04 VulDB
8.9
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.9 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

9
PoC Detected
May 04, 2026 - 15:17 vuln.today
Public exploit code
Analysis Updated
May 04, 2026 - 09:27 vuln.today
v2 (cvss_changed)
Re-analysis Queued
May 04, 2026 - 09:22 vuln.today
cvss_changed
Severity Changed
May 04, 2026 - 09:22 NVD
CRITICAL HIGH
CVSS changed
May 04, 2026 - 09:22 NVD
9.8 (CRITICAL) 8.9 (HIGH)
Analysis Generated
May 04, 2026 - 09:16 vuln.today
EUVD ID Assigned
May 04, 2026 - 09:00 euvd
EUVD-2026-26937
Analysis Generated
May 04, 2026 - 09:00 vuln.today
CVE Published
May 04, 2026 - 08:15 nvd
HIGH 8.9

DescriptionCVE.org

A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument Password results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.

AnalysisAI

Remote unauthenticated attackers can execute arbitrary code on Totolink N300RH routers version 3.2.4-B20220812 by sending crafted Password parameter values to the loginauth authentication function in /cgi-bin/cstecgi.cgi, triggering a stack-based buffer overflow. Exploitation probability is moderate (EPSS score not provided, but publicly available exploit code exists per VulDB reference). This affects consumer-grade wireless routers often deployed in home/SOHO environments with default internet-facing management interfaces, creating significant remote compromise risk despite the device's end-of-life status.

Technical ContextAI

This vulnerability affects the loginauth function in Totolink N300RH firmware 3.2.4-B20220812, a consumer wireless router. The flaw is a classic stack-based buffer overflow (CWE-120) in the CGI parameter handler processing the Password argument during authentication to /cgi-bin/cstecgi.cgi. When oversized or malformed data is submitted to the Password field, inadequate bounds checking allows attackers to overwrite adjacent memory regions, corrupting the call stack and redirecting execution flow. The CVSS 4.0 vector indicates this is exploitable over the network (AV:N) with low complexity (AC:L) requiring no authentication (PR:N) or user interaction (UI:N), achieving high impact to confidentiality, integrity, and availability of the vulnerable component. The CPE string cpe:2.3:a:totolink:n300rh identifies this as application-level firmware running on dedicated router hardware, where memory corruption vulnerabilities typically grant full administrative access to the device.

RemediationAI

No vendor-released patch for CVE-2026-7747 has been identified at time of analysis; Totolink has not published security advisories addressing this buffer overflow per references available at https://www.totolink.net/. Immediate compensating controls: (1) Disable remote management interface access and restrict administrative access to trusted internal networks only-this eliminates the AV:N attack vector but prevents legitimate remote administration; (2) Replace affected Totolink N300RH 3.2.4-B20220812 devices with actively supported router models from vendors with established security response programs; (3) If replacement is not immediately feasible, place affected routers behind defense-in-depth controls such as firewall rules blocking external access to TCP ports typically used for router management (80, 443, 8080) and implement network segmentation to isolate router management plane from production networks. Monitor vendor advisories at https://www.totolink.net/ and VulDB tracking page https://vuldb.com/vuln/360922 for future patch availability, though given the specific build date (2022) this firmware version may be end-of-life.

Share

CVE-2026-7747 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy