CVE 8.7 HIGH

Totolink WA300 POST Request cstecgi.cgi UploadCustomModule buffer overflow_CVE-2026-7717

May 3, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument File can lead to buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.

AI Analysis

Buffer overflow vulnerability in Totolink WA300 via the UploadCustomModule function in the /cgi-bin/cstecgi.cgi file, allowing remote attackers to execute arbitrary code.

Basic Information

ID CVE-2026-7717

Source VulDB

Published May 4, 2026 at 01:00

Affected Product

Vendor Totolink

Product WA300

Version 5.2cu.7112_B20190227

Affected Versions Totolink WA300 5.2cu.7112_B20190227

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Totolink

Product WA300

Version 5.2cu.7112_B20190227

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument File can lead to buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.",
    "published": "2026-05-04T01:00:23.203Z",
    "modified": "2026-05-04T01:00:23.203Z",
    "type": "cve",
    "title": "Totolink WA300 POST Request cstecgi.cgi UploadCustomModule buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/360893\nhttps://vuldb.com/vuln/360893/cti\nhttps://vuldb.com/submit/807193\nhttps://lavender-bicycle-a5a.notion.site/TOTOLINK-WA300-UploadCustomModule-34553a41781f80a8a287e48a7fb04de9\nhttps://www.totolink.net/",
    "id": "CVE-2026-7717",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Totolink WA300 5.2cu.7112_B20190227",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WA300",
    "version": "5.2cu.7112_B20190227",
    "vendor": "Totolink",
    "ai_description": "Buffer overflow vulnerability in Totolink WA300 via the UploadCustomModule function in the /cgi-bin/cstecgi.cgi file, allowing remote attackers to execute arbitrary code.",
    "ai_severity": "High",
    "ai_vendor": "Totolink",
    "ai_product": "WA300",
    "ai_version": "5.2cu.7112_B20190227",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply