CVE-2026-10187

CRITICAL

Totolink N300RH Web Management wireless.so setWiFiBasicConfig stack-based overflow

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-10187. PoCs published by passwa11.

AI-analyzed exploit summary This repository contains a detailed technical analysis of a stack-based buffer overflow vulnerability (CVE-2026-10187) in the TOTOLINK N300RH router, specifically in the `setWiFiBasicConfig` handler within `wireless.so`. The writeup includes root cause analysis, affected versions, and a proof-of-concept exploit demonstrating the vulnerability.

Description

A vulnerability was detected in Totolink N300RH 6.1c.1353_B20190305. Affected by this issue is the function setWiFiBasicConfig of the file wireless.so of the component Web Management Interface. Performing a manipulation of the argument KeyStr results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.

Exploits (1)

github WRITEUP
by passwa11 · poc
https://github.com/passwa11/CVE-2026-10187

This repository contains a detailed technical analysis of a stack-based buffer overflow vulnerability (CVE-2026-10187) in the TOTOLINK N300RH router, specifically in the `setWiFiBasicConfig` handler within `wireless.so`. The writeup includes root cause analysis, affected versions, and a proof-of-concept exploit demonstrating the vulnerability.

Classification
Writeup 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: TOTOLINK N300RH Wireless Router (Firmware V6.1c.1390_B20191101)
No auth needed
Prerequisites: Network access to the target device's web management interface
devstral-2 · analyzed Jun 03, 2026 Full analysis →

References (7)

Core 7
Core References
Vdb Entry, Technical Description vdb-entry technical-description
VDB-367468 | Totolink N300RH Web Management wireless.so setWiFiBasicConfig stack-based overflow
https://vuldb.com/vuln/367468
Signature, Permissions Required signature permissions-required
VDB-367468 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/367468/cti
Third Party Advisory third-party-advisory
CVE-2026-10187 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-10187
Third Party Advisory third-party-advisory
Submit #819971 | Totolink N300RHv4 V6.1c.1353_B20190305 stack-based buffer overflow
https://vuldb.com/submit/819971
Third Party Advisory third-party-advisory
Submit #820133 | Totolink N300RHv4 V6.1c.1353_B20190305 stack-based buffer overflow (Duplicate)
https://vuldb.com/submit/820133
Product product
https://www.totolink.net/

Scores

CVSS v3 9.8
EPSS 0.0019
EPSS Percentile 41.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-119 CWE-121
Status published
Products (1)
Totolink/N300RH 6.1c.1353_B20190305
Published May 31, 2026
Tracked Since May 31, 2026