Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
8DescriptionCVE.org
A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument mac_address results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used.
AnalysisAI
Remote authenticated attackers can execute arbitrary code on Totolink N300RH 3.2.4-B20220812 routers via buffer overflow in the setMacFilterRules function. Exploitation requires low-privilege authentication to the router's web interface, then sending a crafted POST request with an oversized mac_address parameter to /cgi-bin/cstecgi.cgi. Public exploit code is available (documented on Notion), significantly lowering the barrier to exploitation. EPSS data not available, but the combination of network attack vector, publicly available POC, and vulnerable IoT device suggest moderate real-world risk for internet-exposed routers with default or weak credentials.
Technical ContextAI
This vulnerability resides in the setMacFilterRules CGI function within the Totolink N300RH router firmware (version 3.2.4-B20220812), specifically in the POST request handler at /cgi-bin/cstecgi.cgi. The root cause is CWE-120, a classic buffer overflow where insufficient bounds checking allows an attacker to write beyond allocated memory when processing the mac_address parameter. Buffer overflows in embedded device CGI handlers are common because firmware developers often use unsafe C functions (strcpy, sprintf) without input validation. The CGI endpoint likely expects MAC addresses in standard format (e.g., AA:BB:CC:DD:EE:FF) but fails to enforce maximum length, allowing attackers to supply arbitrarily long strings that overwrite adjacent memory regions, including return addresses and function pointers. The affected product CPE (cpe:2.3:a:totolink:n300rh) identifies this as a Totolink N300RH wireless router application firmware component.
RemediationAI
No vendor-released security patch has been identified at the time of analysis despite the public disclosure. Users should immediately check https://www.totolink.net/ for firmware updates newer than 3.2.4-B20220812, though the lack of vendor advisory suggests a patch may not be available. Compensating controls with their trade-offs: (1) Disable remote management interfaces entirely and restrict web admin access to local network only via router firewall rules - this prevents internet-based exploitation but requires physical/VPN access for configuration changes. (2) Change default administrator credentials to strong unique passwords immediately - this raises the authentication barrier (PR:L requirement) but does not eliminate risk if credentials are later compromised. (3) If MAC address filtering is not required for your network security model, disable the feature entirely to remove the vulnerable attack surface - this eliminates the specific vulnerability but removes a network access control mechanism some environments rely on. (4) Place the router behind a more secure edge device or replace with a different model if Totolink does not release a patch within your organization's risk tolerance window. Monitor VulDB (https://vuldb.com/vuln/360925) and vendor channels for patch announcements.
OS command injection in the Totolink N300RH router (firmware 6.1c.1353_B20190305) allows remote unauthenticated attacker
Stack-based buffer overflow in the Totolink N300RH router (firmware 6.1c.1353_B20190305) allows remote attackers to corr
Remote unauthenticated attackers can execute arbitrary code on Totolink N300RH routers version 3.2.4-B20220812 by sendin
Buffer overflow in Totolink N300RH router firmware 3.2.4-B20220812 allows authenticated remote attackers to achieve comp
Buffer overflow in Totolink N300RH router firmware 3.2.4-B20220812 enables authenticated remote attackers to achieve cod
Remote code execution in Totolink N300RH firmware 6.1c.1353_B20190305 allows unauthenticated network attackers to execut
External file inclusion in Totolink N300RH firmware 6.1c.1353_B20190305 allows remote unauthenticated attackers to manip
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26942