CVE 8.7 HIGH

Totolink N300RH POST Request cstecgi.cgi setMacFilterRules buffer overflow_CVE-2026-7750

May 4, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument mac_address results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used.

AI Analysis

Buffer overflow vulnerability in the setMacFilterRules function of the /cgi-bin/cstecgi.cgi component, allowing remote attacks via manipulation of the mac_address argument.

Basic Information

ID CVE-2026-7750

Source VulDB

Published May 4, 2026 at 09:00

Affected Product

Vendor Totolink

Product N300RH

Version 3.2.4-B20220812

Affected Versions Totolink N300RH 3.2.4-B20220812

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Totolink

Product N300RH

Version 3.2.4-B20220812

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument mac_address results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used.",
    "published": "2026-05-04T09:00:17.932Z",
    "modified": "2026-05-04T09:00:17.932Z",
    "type": "cve",
    "title": "Totolink N300RH POST Request cstecgi.cgi setMacFilterRules buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/360925\nhttps://vuldb.com/vuln/360925/cti\nhttps://vuldb.com/submit/807204\nhttps://lavender-bicycle-a5a.notion.site/TOTOLINK-N300RH-setMacFilterRules-34553a41781f809cb952cdcb71ce90d8\nhttps://www.totolink.net/",
    "id": "CVE-2026-7750",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Totolink N300RH 3.2.4-B20220812",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "N300RH",
    "version": "3.2.4-B20220812",
    "vendor": "Totolink",
    "ai_description": "Buffer overflow vulnerability in the setMacFilterRules function of the /cgi-bin/cstecgi.cgi component, allowing remote attacks via manipulation of the mac_address argument.",
    "ai_severity": "High",
    "ai_vendor": "Totolink",
    "ai_product": "N300RH",
    "ai_version": "3.2.4-B20220812",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply