CVE 9.3 CRITICAL

Totolink N300RH Parameter cstecgi.cgi loginauth buffer overflow_CVE-2026-7747

May 4, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument Password results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.

AI Analysis

Buffer overflow vulnerability in Totolink N300RH via manipulation of the Password argument in the loginauth function of the cstecgi.cgi file, allowing remote attacks.

Basic Information

ID CVE-2026-7747

Source VulDB

Published May 4, 2026 at 08:15

Affected Product

Vendor Totolink

Product N300RH

Version 3.2.4-B20220812

Affected Versions Totolink N300RH 3.2.4-B20220812

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Totolink

Product N300RH

Version 3.2.4-B20220812

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument Password results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.",
    "published": "2026-05-04T08:15:14.596Z",
    "modified": "2026-05-04T08:15:14.596Z",
    "type": "cve",
    "title": "Totolink N300RH Parameter cstecgi.cgi loginauth buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/360922\nhttps://vuldb.com/vuln/360922/cti\nhttps://vuldb.com/submit/807201\nhttps://lavender-bicycle-a5a.notion.site/TOTOLINK-N300RH-loginauth_password-34553a41781f80c0ad36f4d95122fd40?pvs=73\nhttps://www.totolink.net/",
    "id": "CVE-2026-7747",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Totolink N300RH 3.2.4-B20220812",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "N300RH",
    "version": "3.2.4-B20220812",
    "vendor": "Totolink",
    "ai_description": "Buffer overflow vulnerability in Totolink N300RH via manipulation of the Password argument in the loginauth function of the cstecgi.cgi file, allowing remote attacks.",
    "ai_severity": "Critical",
    "ai_vendor": "Totolink",
    "ai_product": "N300RH",
    "ai_version": "3.2.4-B20220812",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply