Which versions of Totolink N300RH are affected by CVE-2026-7747?

CVE-2026-7747 is a critical remote code execution vulnerability affecting Totolik N300RH routers (version 3.2.4-B20220812) that allows unauthenticated attackers to compromise devices through a stack…

Is there a public PoC exploit available for CVE-2026-7747?

Yes, a public proof-of-concept exploit is available for CVE-2026-7747. Prioritise patching immediately. EPSS: 0.1%.

Totolink N300RH CVE-2026-7747

Q: What is the CVSS score of CVE-2026-7747?

CVE-2026-7747 has a CVSS 4.0 base score of 8.9 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-26937 HIGH

Classic Buffer Overflow (CWE-120)

2026-05-04 VulDB

Buffer Overflow

8.9

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

May 04, 2026 - 15:17 vuln.today

Public exploit code

Analysis Updated

May 04, 2026 - 09:27 vuln.today

v2 (cvss_changed)

Re-analysis Queued

May 04, 2026 - 09:22 vuln.today

cvss_changed

Severity Changed

May 04, 2026 - 09:22 NVD

CRITICAL HIGH

CVSS changed

May 04, 2026 - 09:22 NVD

9.8 (CRITICAL) 8.9 (HIGH)

Analysis Generated

May 04, 2026 - 09:16 vuln.today

EUVD ID Assigned

May 04, 2026 - 09:00 euvd

EUVD-2026-26937

Analysis Generated

May 04, 2026 - 09:00 vuln.today

CVE Published

May 04, 2026 - 08:15 nvd

HIGH 8.9

DescriptionNVD

A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument Password results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.

AnalysisAI

Remote unauthenticated attackers can execute arbitrary code on Totolink N300RH routers version 3.2.4-B20220812 by sending crafted Password parameter values to the loginauth authentication function in /cgi-bin/cstecgi.cgi, triggering a stack-based buffer overflow. Exploitation probability is moderate (EPSS score not provided, but publicly available exploit code exists per VulDB reference). …

RemediationAI

Within 24 hours: Identify all Totolik N300RH devices on your network using asset discovery tools; disable remote management access (WAN-side HTTP/HTTPS) via firewall rules if devices cannot be immediately replaced. Within 7 days: Replace affected Totolik N300RH units with current-generation routers from vendors with active security support; if replacement is impossible, isolate devices behind a properly configured VPN gateway and implement network segmentation. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7747 vulnerability details – vuln.today

Back

Totolink N300RH CVE-2026-7747

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Totolink N300RH CVE-2026-7747

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code