CVE Catalog

CVE-2026-7719

Critical
Published: Translated: NVD NIST

Summary

A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227 in the loginauth function of the /cgi-bin/cstecgi.cgi file, affecting the POST Request Handler component. Manipulation of the http_host argument results in buffer overflow.

Risk Assessment

This vulnerability may be exploited for remote attacks, posing a serious threat to the security of the system and user data.

Recommendation

It is recommended to update the device firmware to the latest version to mitigate this vulnerability and to monitor the system for unauthorized access attempts.

Original NVD description (English source)

A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument http_host results in buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS