Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument http_host results in buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
AnalysisAI
Remote unauthenticated buffer overflow in Totolink WA300 wireless repeater firmware version 5.2cu.7112_B20190227 enables complete device compromise via crafted HTTP POST requests to the login authentication handler. The vulnerability resides in the loginauth function within /cgi-bin/cstecgi.cgi, where insufficient validation of the http_host parameter allows attackers to overflow memory and achieve arbitrary code execution with device privileges. Publicly available exploit code exists (documented via Notion), enabling trivial exploitation with EPSS probability assessment pending but attack complexity rated low (AC:L) with no authentication barrier (PR:N).
Technical ContextAI
This is a classic stack-based buffer overflow (CWE-120) in embedded device firmware CGI handling code. The Totolink WA300 is a wireless range extender running custom firmware with web-based management accessible via CGI scripts. The loginauth function in cstecgi.cgi processes HTTP POST parameters during authentication without proper bounds checking on the http_host header value. When an oversized http_host parameter is supplied, it overflows the allocated buffer on the stack, corrupting adjacent memory including the return address. The CVSS vector indicates this is a network-accessible (AV:N) pre-authentication (PR:N) vulnerability requiring no user interaction (UI:N), affecting the primary system confidentiality, integrity, and availability (VC:H/VI:H/VA:H) without cross-scope impact. The CPE identifier cpe:2.3:a:totolink:wa300 confirms this affects the WA300 product line, specifically firmware version 5.2cu.7112_B20190227 based on the vulnerability description.
RemediationAI
No vendor-released patch or updated firmware version has been identified in available references at time of analysis. Organizations currently operating Totolink WA300 devices with firmware 5.2cu.7112_B20190227 should immediately implement network-level compensating controls given the absence of an official fix. Specific mitigations include: isolate WA300 management interfaces from untrusted networks by restricting administrative access to dedicated management VLANs or trusted IP ranges via firewall rules (this prevents remote exploitation but reduces management convenience); disable remote management features entirely if not operationally required and restrict access to local network segments only; deploy intrusion prevention systems with signatures detecting malformed http_host headers targeting /cgi-bin/cstecgi.cgi (though skilled attackers may evade signature-based detection); consider replacing affected devices with alternative wireless repeater solutions from vendors with active security support programs given the age of the vulnerable firmware (2019) and absence of patching response. Monitor vendor communications at https://www.totolink.net/ for future security updates, though the firmware age suggests end-of-life status may preclude patching.
Buffer overflow in Totolink WA300 wireless range extender firmware 5.2cu.7112_B20190227 allows authenticated remote atta
A critical OS command injection vulnerability exists in Totolink WA300 router firmware version 5.2cu.7112_B20190227, spe
Command injection in Totolink WA300 firmware version 5.2cu.7112_B20190227 allows authenticated remote attackers to execu
Command injection in Totolink WA300 5.2cu.7112_B20190227 allows authenticated remote attackers to execute arbitrary comm
Command injection in Totolink WA300 firmware version 5.2cu.7112_B20190227 allows authenticated remote attackers to execu
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26870