Skip to main content

Totolink N300RH CVE-2026-7748

| EUVDEUVD-2026-26939 HIGH
Classic Buffer Overflow (CWE-120)
2026-05-04 VulDB
7.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

8
PoC Detected
May 04, 2026 - 15:17 vuln.today
Public exploit code
Analysis Updated
May 04, 2026 - 10:29 vuln.today
v2 (cvss_changed)
Re-analysis Queued
May 04, 2026 - 10:22 vuln.today
cvss_changed
CVSS changed
May 04, 2026 - 10:22 NVD
8.8 (HIGH) 7.4 (HIGH)
Analysis Generated
May 04, 2026 - 10:00 vuln.today
EUVD ID Assigned
May 04, 2026 - 09:45 euvd
EUVD-2026-26939
Analysis Generated
May 04, 2026 - 09:45 vuln.today
CVE Published
May 04, 2026 - 08:30 nvd
HIGH 7.4

DescriptionCVE.org

A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument FileName can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

AnalysisAI

Buffer overflow in Totolink N300RH router firmware 3.2.4-B20220812 enables authenticated remote attackers to achieve code execution via crafted FileName parameter to the setUpgradeFW function in /cgi-bin/cstecgi.cgi. Public exploit code is available (documented in Notion). CVSS 7.4 with CVSS 4.0 Exploit maturity 'Proof-of-concept' confirms POC exists. Not listed in CISA KEV, suggesting limited real-world exploitation despite public POC.

Technical ContextAI

This is a classic stack-based buffer overflow (CWE-120) in the firmware upgrade handler of a consumer-grade router. The vulnerable function setUpgradeFW processes POST requests to /cgi-bin/cstecgi.cgi without proper bounds checking on the FileName parameter, allowing an attacker to write beyond allocated buffer boundaries. Consumer router firmware often uses CGI scripts written in C/C++ for web interfaces, and inadequate input validation in file upload handlers is a common vulnerability pattern. The CPE cpe:2.3:a:totolink:n300rh:*:*:*:*:*:*:*:* identifies this as an application-layer vulnerability in Totolink's N300RH product line. Buffer overflows in embedded device firmware can lead to arbitrary code execution with the privileges of the web server process, typically root on such devices.

RemediationAI

No vendor-released security patch or firmware update has been identified in the available references at time of analysis. Check Totolink's official support site (https://www.totolink.net/) for firmware updates newer than 3.2.4-B20220812. Compensating controls: Disable remote administration access to the router web interface from WAN/internet side - configure firewall rules to block external access to ports 80/443/8080 on the device's WAN IP, limiting admin access to LAN-side only (trade-off: eliminates remote management capability). Change default administrative credentials immediately to strong unique passwords, as PR:L requirement means attackers need valid credentials (trade-off: does not fix the vulnerability but raises exploitation bar). Implement network segmentation to isolate IoT/router management networks from critical systems, limiting blast radius if device is compromised. For enterprise deployments, consider replacing affected devices with enterprise-grade equipment that receives regular security updates. Monitor device logs for unexpected POST requests to /cgi-bin/cstecgi.cgi with abnormally long FileName parameters as potential exploitation attempts.

Share

CVE-2026-7748 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy