CVE-2026-7747
CriticalSummary
A security flaw has been discovered in Totolink N300RH version 3.2.4-B20220812 in the loginauth function of the /cgi-bin/cstecgi.cgi file, affecting the Parameter Handler component. Manipulating the Password argument results in a buffer overflow, which can be exploited in remote attacks.
Risk Assessment
This vulnerability poses a significant risk to organizations as an attacker can remotely exploit it to gain control over the device.
Recommendation
It is recommended to update the device firmware to the latest version to mitigate this vulnerability and to monitor systems for unauthorized access attempts.
Original NVD description (English source)
A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument Password results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.

