CVE-2026-7749

HIGH

Totolink N300RH POST Request cstecgi.cgi setWanConfig buffer overflow

Title source: cna

Description

A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument priDns leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

References (5)

Core 5

Core References

Product product

https://www.totolink.net/

Vdb Entry, Technical Description vdb-entry technical-description

VDB-360924 | Totolink N300RH POST Request cstecgi.cgi setWanConfig buffer overflow

https://vuldb.com/vuln/360924

Signature, Permissions Required signature permissions-required

VDB-360924 | CTI Indicators (IOB, IOC, IOA)

https://vuldb.com/vuln/360924/cti

Third Party Advisory third-party-advisory

Submit #807203 | Totolink N300RH N300RH V3_Firmware V3.2.4-B20220812 Buffer Overflow

https://vuldb.com/submit/807203

Exploit exploit

https://lavender-bicycle-a5a.notion.site/TOTOLINK-N300RH-setWanConfig-34553a41781f80ed8500d9b8d54074f2

Scores

CVSS v3 8.8

EPSS 0.0003

EPSS Percentile 9.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-119 CWE-120

Status published

Products (1)

Totolink/N300RH 3.2.4-B20220812

Published May 04, 2026

Tracked Since May 04, 2026