CVE 8.6 HIGH

Totolink N300RT libapmib.so formWsc is_cmd_string_valid buffer overflow_CVE-2026-7218

April 27, 2026 invoker category_cve

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The impacted element is the function is_cmd_string_valid of the file /boafrm/formWsc of the component libapmib.so. Performing a manipulation of the argument localPin results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.

AI Analysis

Buffer overflow vulnerability in Totolink N300RT via manipulation of the localPin argument in the is_cmd_string_valid function of the libapmib.so component.

Basic Information

ID CVE-2026-7218

Source VulDB

Published Apr 28, 2026 at 02:45

Affected Product

Vendor Totolink

Product N300RT

Version 3.4.0-B20250430

Affected Versions Totolink N300RT 3.4.0-B20250430

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor Totolink

Product N300RT

Version 3.4.0-B20250430

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The impacted element is the function is_cmd_string_valid of the file /boafrm/formWsc of the component libapmib.so. Performing a manipulation of the argument localPin results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.",
    "published": "2026-04-28T02:45:13.239Z",
    "modified": "2026-04-28T02:45:13.239Z",
    "type": "cve",
    "title": "Totolink N300RT libapmib.so formWsc is_cmd_string_valid buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/359818\nhttps://vuldb.com/vuln/359818/cti\nhttps://vuldb.com/submit/802127\nhttps://github.com/xiaohaiyang-ai/TOTOLINK-N300RT-Buffer-Overflow\nhttps://www.totolink.net/",
    "id": "CVE-2026-7218",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Totolink N300RT 3.4.0-B20250430",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "N300RT",
    "version": "3.4.0-B20250430",
    "vendor": "Totolink",
    "ai_description": "Buffer overflow vulnerability in Totolink N300RT via manipulation of the localPin argument in the is_cmd_string_valid function of the libapmib.so component.",
    "ai_severity": "High",
    "ai_vendor": "Totolink",
    "ai_product": "N300RT",
    "ai_version": "3.4.0-B20250430",
    "ai_score": 8.6
}

💭 Join the Security Discussion ❌ Cancel Reply