CVE 8.7 HIGH

Totolink N300RH POST Request cstecgi.cgi setUpgradeFW buffer overflow_CVE-2026-7748

May 4, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument FileName can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

AI Analysis

Buffer overflow vulnerability in Totolink N300RH via manipulation of the FileName argument in the setUpgradeFW function of the /cgi-bin/cstecgi.cgi file, allowing remote attacks.

Basic Information

ID CVE-2026-7748

Source VulDB

Published May 4, 2026 at 08:30

Affected Product

Vendor Totolink

Product N300RH

Version 3.2.4-B20220812

Affected Versions Totolink N300RH 3.2.4-B20220812

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Totolink

Product N300RH

Version 3.2.4-B20220812

References

{
    "lastseen": "",
    "description": "A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument FileName can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.",
    "published": "2026-05-04T08:30:14.631Z",
    "modified": "2026-05-04T08:30:14.631Z",
    "type": "cve",
    "title": "Totolink N300RH POST Request cstecgi.cgi setUpgradeFW buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/360923\nhttps://vuldb.com/vuln/360923/cti\nhttps://vuldb.com/submit/807202\nhttps://lavender-bicycle-a5a.notion.site/TOTOLINK-N300RH-setUpgradeFW-34553a41781f80abb1d1c627d7ff4329?pvs=73\nhttps://www.totolink.net/",
    "id": "CVE-2026-7748",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Totolink N300RH 3.2.4-B20220812",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "N300RH",
    "version": "3.2.4-B20220812",
    "vendor": "Totolink",
    "ai_description": "Buffer overflow vulnerability in Totolink N300RH via manipulation of the FileName argument in the setUpgradeFW function of the /cgi-bin/cstecgi.cgi file, allowing remote attacks.",
    "ai_severity": "High",
    "ai_vendor": "Totolink",
    "ai_product": "N300RH",
    "ai_version": "3.2.4-B20220812",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply