Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
8DescriptionCVE.org
A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument FileName can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
AnalysisAI
Buffer overflow in Totolink N300RH router firmware 3.2.4-B20220812 enables authenticated remote attackers to achieve code execution via crafted FileName parameter to the setUpgradeFW function in /cgi-bin/cstecgi.cgi. Public exploit code is available (documented in Notion). CVSS 7.4 with CVSS 4.0 Exploit maturity 'Proof-of-concept' confirms POC exists. Not listed in CISA KEV, suggesting limited real-world exploitation despite public POC.
Technical ContextAI
This is a classic stack-based buffer overflow (CWE-120) in the firmware upgrade handler of a consumer-grade router. The vulnerable function setUpgradeFW processes POST requests to /cgi-bin/cstecgi.cgi without proper bounds checking on the FileName parameter, allowing an attacker to write beyond allocated buffer boundaries. Consumer router firmware often uses CGI scripts written in C/C++ for web interfaces, and inadequate input validation in file upload handlers is a common vulnerability pattern. The CPE cpe:2.3:a:totolink:n300rh:*:*:*:*:*:*:*:* identifies this as an application-layer vulnerability in Totolink's N300RH product line. Buffer overflows in embedded device firmware can lead to arbitrary code execution with the privileges of the web server process, typically root on such devices.
RemediationAI
No vendor-released security patch or firmware update has been identified in the available references at time of analysis. Check Totolink's official support site (https://www.totolink.net/) for firmware updates newer than 3.2.4-B20220812. Compensating controls: Disable remote administration access to the router web interface from WAN/internet side - configure firewall rules to block external access to ports 80/443/8080 on the device's WAN IP, limiting admin access to LAN-side only (trade-off: eliminates remote management capability). Change default administrative credentials immediately to strong unique passwords, as PR:L requirement means attackers need valid credentials (trade-off: does not fix the vulnerability but raises exploitation bar). Implement network segmentation to isolate IoT/router management networks from critical systems, limiting blast radius if device is compromised. For enterprise deployments, consider replacing affected devices with enterprise-grade equipment that receives regular security updates. Monitor device logs for unexpected POST requests to /cgi-bin/cstecgi.cgi with abnormally long FileName parameters as potential exploitation attempts.
OS command injection in the Totolink N300RH router (firmware 6.1c.1353_B20190305) allows remote unauthenticated attacker
Stack-based buffer overflow in the Totolink N300RH router (firmware 6.1c.1353_B20190305) allows remote attackers to corr
Remote unauthenticated attackers can execute arbitrary code on Totolink N300RH routers version 3.2.4-B20220812 by sendin
Remote authenticated attackers can execute arbitrary code on Totolink N300RH 3.2.4-B20220812 routers via buffer overflow
Buffer overflow in Totolink N300RH router firmware 3.2.4-B20220812 allows authenticated remote attackers to achieve comp
Remote code execution in Totolink N300RH firmware 6.1c.1353_B20190305 allows unauthenticated network attackers to execut
External file inclusion in Totolink N300RH firmware 6.1c.1353_B20190305 allows remote unauthenticated attackers to manip
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26939