Which versions of Totolink WA300 are affected by EUVD-2026-26868?

CVE-2026-7717 is a buffer overflow vulnerability in Totolink WA300 range extender firmware that permits authenticated attackers to execute arbitrary code or disable affected devices through a network…

Is there a public PoC exploit available for EUVD-2026-26868?

Yes, a public proof-of-concept exploit is available for EUVD-2026-26868. Prioritise patching immediately. EPSS: 0.1%.

Totolink WA300 EUVD-2026-26868

Q: What is the CVSS score of EUVD-2026-26868?

EUVD-2026-26868 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

| CVE-2026-7717 HIGH

Classic Buffer Overflow (CWE-120)

2026-05-04 VulDB

Buffer Overflow

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

May 04, 2026 - 15:18 vuln.today

Public exploit code

Analysis Generated

May 04, 2026 - 01:48 vuln.today

CVSS changed

May 04, 2026 - 01:22 NVD

8.8 (HIGH) 7.4 (HIGH)

EUVD ID Assigned

May 04, 2026 - 01:15 euvd

EUVD-2026-26868

Analysis Generated

May 04, 2026 - 01:15 vuln.today

CVE Published

May 04, 2026 - 01:00 nvd

HIGH 7.4

DescriptionNVD

A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument File can lead to buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.

AnalysisAI

Buffer overflow in Totolink WA300 wireless range extender firmware 5.2cu.7112_B20190227 allows authenticated remote attackers to execute arbitrary code or crash the device via crafted File parameter to the UploadCustomModule function in /cgi-bin/cstecgi.cgi. Public proof-of-concept exploit exists (documented in Notion page), enabling low-skill exploitation. …

RemediationAI

Within 24 hours: Inventory all Totolink WA300 devices and identify those running firmware 5.2cu.7112_B20190227 or earlier; isolate affected devices from untrusted network segments if feasible. Within 7 days: Contact Totolik support to confirm patch availability timeline and expected release date; implement network-level access controls restricting access to /cgi-bin/cstecgi.cgi to trusted administrative IPs only. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-26868 vulnerability details – vuln.today

Back

Totolink WA300 EUVD-2026-26868

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Totolink WA300 EUVD-2026-26868

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code