Skip to main content

Totolink N300RH CVE-2026-7750

| EUVDEUVD-2026-26942 HIGH
Classic Buffer Overflow (CWE-120)
2026-05-04 VulDB
7.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

8
PoC Detected
May 04, 2026 - 15:17 vuln.today
Public exploit code
Analysis Updated
May 04, 2026 - 10:27 vuln.today
v2 (cvss_changed)
Re-analysis Queued
May 04, 2026 - 10:22 vuln.today
cvss_changed
CVSS changed
May 04, 2026 - 10:22 NVD
8.8 (HIGH) 7.4 (HIGH)
Analysis Generated
May 04, 2026 - 10:00 vuln.today
EUVD ID Assigned
May 04, 2026 - 09:45 euvd
EUVD-2026-26942
Analysis Generated
May 04, 2026 - 09:45 vuln.today
CVE Published
May 04, 2026 - 09:00 nvd
HIGH 7.4

DescriptionCVE.org

A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument mac_address results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used.

AnalysisAI

Remote authenticated attackers can execute arbitrary code on Totolink N300RH 3.2.4-B20220812 routers via buffer overflow in the setMacFilterRules function. Exploitation requires low-privilege authentication to the router's web interface, then sending a crafted POST request with an oversized mac_address parameter to /cgi-bin/cstecgi.cgi. Public exploit code is available (documented on Notion), significantly lowering the barrier to exploitation. EPSS data not available, but the combination of network attack vector, publicly available POC, and vulnerable IoT device suggest moderate real-world risk for internet-exposed routers with default or weak credentials.

Technical ContextAI

This vulnerability resides in the setMacFilterRules CGI function within the Totolink N300RH router firmware (version 3.2.4-B20220812), specifically in the POST request handler at /cgi-bin/cstecgi.cgi. The root cause is CWE-120, a classic buffer overflow where insufficient bounds checking allows an attacker to write beyond allocated memory when processing the mac_address parameter. Buffer overflows in embedded device CGI handlers are common because firmware developers often use unsafe C functions (strcpy, sprintf) without input validation. The CGI endpoint likely expects MAC addresses in standard format (e.g., AA:BB:CC:DD:EE:FF) but fails to enforce maximum length, allowing attackers to supply arbitrarily long strings that overwrite adjacent memory regions, including return addresses and function pointers. The affected product CPE (cpe:2.3:a:totolink:n300rh) identifies this as a Totolink N300RH wireless router application firmware component.

RemediationAI

No vendor-released security patch has been identified at the time of analysis despite the public disclosure. Users should immediately check https://www.totolink.net/ for firmware updates newer than 3.2.4-B20220812, though the lack of vendor advisory suggests a patch may not be available. Compensating controls with their trade-offs: (1) Disable remote management interfaces entirely and restrict web admin access to local network only via router firewall rules - this prevents internet-based exploitation but requires physical/VPN access for configuration changes. (2) Change default administrator credentials to strong unique passwords immediately - this raises the authentication barrier (PR:L requirement) but does not eliminate risk if credentials are later compromised. (3) If MAC address filtering is not required for your network security model, disable the feature entirely to remove the vulnerable attack surface - this eliminates the specific vulnerability but removes a network access control mechanism some environments rely on. (4) Place the router behind a more secure edge device or replace with a different model if Totolink does not release a patch within your organization's risk tolerance window. Monitor VulDB (https://vuldb.com/vuln/360925) and vendor channels for patch announcements.

Share

CVE-2026-7750 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy