HIGHCVE-2026-7749Published 2026-05-04Modified 2026-05-05CNA VulDB

CVE-2026-7749: Totolink N300RH POST Request cstecgi.cgi setWanConfig buffer overflow

A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument priDns leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

CVSS v4.0: 8.7
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

Totolink / N300RH
3.2.4-B20220812

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

References

VDB-360924 | Totolink N300RH POST Request cstecgi.cgi setWanConfig buffer overflow
VDB-360924 | CTI Indicators (IOB, IOC, IOA)
Submit #807203 | Totolink N300RH N300RH V3_Firmware V3.2.4-B20220812 Buffer Overflow
lavender-bicycle-a5a.notion.site
totolink.net

Metrics