CVE-2026-7748
HIGH
Totolink N300RH POST Request cstecgi.cgi setUpgradeFW buffer overflow
Title source: cnaDescription
A weakness has been identified in Totolink N300RH 3.2.4-B20220812. It affects the function setUpgradeFW in the file /cgi-bin/cstecgi.cgi, part of the POST Request Handler component. Manipulating the FileName argument can lead to a buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
References (5)
Core References
[vdb-entry, technical-description] VDB-360923 | Totolink N300RH POST Request cstecgi.cgi setUpgradeFW buffer overflow
https://vuldb.com/vuln/360923
[signature, permissions-required] VDB-360923 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/360923/cti
[third-party-advisory] Submit #807202 | Totolink N300RH N300RH V3_Firmware V3.2.4-B20220812 Buffer Overflow
https://vuldb.com/submit/807202
[exploit, patch]
https://lavender-bicycle-a5a.notion.site/TOTOLINK-N300RH-setUpgradeFW-34553a41781f80abb1d1c627d7ff4329?pvs=73
[product]
https://www.totolink.net/
Scores
CVSS v3: 8.8
EPSS: 0.0009
EPSS Percentile: 24.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: no
Technical Impact: total
Details
CWE: CWE-119, CWE-120
Status: published
Products (1)
Totolink/N300RH: 3.2.4-B20220812
Published: May 04, 2026
Tracked Since: May 04, 2026