CVE 9.3 CRITICAL

Totolink WA300 POST Request cstecgi.cgi loginauth buffer overflow_CVE-2026-7719

May 3, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument http_host results in buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

AI Analysis

Buffer overflow vulnerability in Totolink WA300 via the loginauth function of the cstecgi.cgi file, allowing remote attacks.

Basic Information

ID CVE-2026-7719

Source VulDB

Published May 4, 2026 at 01:30

Affected Product

Vendor Totolink

Product WA300

Version 5.2cu.7112_B20190227

Affected Versions Totolink WA300 5.2cu.7112_B20190227

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Totolink

Product WA300

Version 5.2cu.7112_B20190227

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument http_host results in buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.",
    "published": "2026-05-04T01:30:16.375Z",
    "modified": "2026-05-04T01:30:16.375Z",
    "type": "cve",
    "title": "Totolink WA300 POST Request cstecgi.cgi loginauth buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/360895\nhttps://vuldb.com/vuln/360895/cti\nhttps://vuldb.com/submit/807197\nhttps://lavender-bicycle-a5a.notion.site/TOTOLINK-WA300-loginAuth-34553a41781f8050b8ffc9e90a103cd5\nhttps://www.totolink.net/",
    "id": "CVE-2026-7719",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Totolink WA300 5.2cu.7112_B20190227",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WA300",
    "version": "5.2cu.7112_B20190227",
    "vendor": "Totolink",
    "ai_description": "Buffer overflow vulnerability in Totolink WA300 via the loginauth function of the cstecgi.cgi file, allowing remote attacks.",
    "ai_severity": "Critical",
    "ai_vendor": "Totolink",
    "ai_product": "WA300",
    "ai_version": "5.2cu.7112_B20190227",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply