Which versions of Totolink N300RT are affected by EUVD-2026-25975?

CVE-2026-7219 is a buffer overflow vulnerability affecting Totolink N300RT routers running firmware 3.4.0-B20250430 that allows authenticated administrators to execute arbitrary code on the device.

Is there a public PoC exploit available for EUVD-2026-25975?

Yes, a public proof-of-concept exploit is available for EUVD-2026-25975. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate EUVD-2026-25975?

Within 24 hours: Inventory all Totolik N300RT devices and confirm current firmware versions (particularly 3.4.0-B20250430). Within 7 days: Restrict administrative access to the affected routers through network segmentation and enforce strong authentication policies for administrative accounts; implement monitoring for suspicious configuration changes. Within 30 days: Monitor Totolink security advisories for a vendor-released patch to firmware 3.4.0-B20250430 and establish a testing and deployment process for critical router firmware updates.

Totolink N300RT EUVD-2026-25975

Q: What is the CVSS score of EUVD-2026-25975?

EUVD-2026-25975 has a CVSS 4.0 base score of 7.3 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

| CVE-2026-7219 HIGH

Classic Buffer Overflow (CWE-120)

2026-04-28 VulDB

Buffer Overflow N300Rt

7.3

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.3 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 28, 2026 - 20:38 vuln.today

cvss_changed

PoC Detected

Apr 28, 2026 - 20:24 vuln.today

Public exploit code

Analysis Generated

Apr 28, 2026 - 04:30 vuln.today

CVSS changed

Apr 28, 2026 - 04:22 NVD

7.2 (HIGH) 7.3 (HIGH)

EUVD ID Assigned

Apr 28, 2026 - 04:15 euvd

EUVD-2026-25975

Analysis Generated

Apr 28, 2026 - 04:15 vuln.today

CVE Published

Apr 28, 2026 - 03:00 nvd

HIGH 7.3

DescriptionCVE.org

A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argument entry_name can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.

AnalysisAI

Buffer overflow in Totolink N300RT router firmware 3.4.0-B20250430 allows authenticated remote attackers with high-privilege administrative access to execute arbitrary code via crafted input to the entry_name parameter in /boafrm/formIpQoS. Public exploit code is available on GitHub demonstrating the vulnerability. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon

Obtain admin credentials

Delivery

Authenticate to web interface

Exploit

Send crafted POST to /boafrm/formIpQoS

Install

Trigger buffer overflow in entry_name

Overwrite return address

Execute

Execute arbitrary code

Impact

Establish persistence