CVE 8.7 HIGH

Totolink N300RH POST Request cstecgi.cgi setWanConfig buffer overflow_CVE-2026-7749

May 4, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument priDns leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

AI Analysis

Buffer overflow vulnerability in Totolink N300RH via the setWanConfig function in the cstecgi.cgi file, allowing remote attackers to exploit the priDns argument.

Basic Information

ID CVE-2026-7749

Source VulDB

Published May 4, 2026 at 08:45

Affected Product

Vendor Totolink

Product N300RH

Version 3.2.4-B20220812

Affected Versions Totolink N300RH 3.2.4-B20220812

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Totolink

Product N300RH

Version 3.2.4-B20220812

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument priDns leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.",
    "published": "2026-05-04T08:45:11.639Z",
    "modified": "2026-05-04T08:45:11.639Z",
    "type": "cve",
    "title": "Totolink N300RH POST Request cstecgi.cgi setWanConfig buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/360924\nhttps://vuldb.com/vuln/360924/cti\nhttps://vuldb.com/submit/807203\nhttps://lavender-bicycle-a5a.notion.site/TOTOLINK-N300RH-setWanConfig-34553a41781f80ed8500d9b8d54074f2\nhttps://www.totolink.net/",
    "id": "CVE-2026-7749",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Totolink N300RH 3.2.4-B20220812",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "N300RH",
    "version": "3.2.4-B20220812",
    "vendor": "Totolink",
    "ai_description": "Buffer overflow vulnerability in Totolink N300RH via the setWanConfig function in the cstecgi.cgi file, allowing remote attackers to exploit the priDns argument.",
    "ai_severity": "High",
    "ai_vendor": "Totolink",
    "ai_product": "N300RH",
    "ai_version": "3.2.4-B20220812",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply