← Back
2026-05-04 8:45CVE-2026-7749VulDB
PUBLISHED5.2Operating systemCWE-120CWE-119

Totolink N300RH POST Request cstecgi.cgi setWanConfig buffer overflow

A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument priDns leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

Problem type

Affected products

Totolink

N300RH

3.2.4-B20220812 - AFFECTED

References

VDB-360924 | Totolink N300RH POST Request cstecgi.cgi setWanConfig buffer overflow

https://vuldb.com/vuln/360924

vdb-entrytechnical-description
VDB-360924 | CTI Indicators (IOB, IOC, IOA)

https://vuldb.com/vuln/360924/cti

signaturepermissions-required
Submit #807203 | Totolink N300RH N300RH V3_Firmware V3.2.4-B20220812 Buffer Overflow

https://vuldb.com/submit/807203

third-party-advisory
lavender-bicycle-a5a.notion.site

https://lavender-bicycle-a5a.notion.site/TOTOLINK-N300RH-setWanConfig-34553a41781f80ed8500d9b8d54074f2

exploit
totolink.net

https://www.totolink.net/

product

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-7749
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-7749",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-05-04T08:45:11.639Z",
    "dateReserved": "2026-05-03T17:20:51.017Z",
    "datePublished": "2026-05-04T08:45:11.639Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-05-04T08:45:11.639Z"
      },
      "title": "Totolink N300RH POST Request cstecgi.cgi setWanConfig buffer overflow",
      "descriptions": [
        {
          "lang": "en",
          "value": "A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument priDns leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used."
        }
      ],
      "affected": [
        {
          "vendor": "Totolink",
          "product": "N300RH",
          "cpes": [
            "cpe:2.3:o:totolink:n300rh_firmware:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "POST Request Handler"
          ],
          "versions": [
            {
              "version": "3.2.4-B20220812",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Buffer Overflow",
              "cweId": "CWE-120",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Memory Corruption",
              "cweId": "CWE-119",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/vuln/360924",
          "name": "VDB-360924 | Totolink N300RH POST Request cstecgi.cgi setWanConfig buffer overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/vuln/360924/cti",
          "name": "VDB-360924 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/submit/807203",
          "name": "Submit #807203 | Totolink N300RH N300RH V3_Firmware V3.2.4-B20220812 Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://lavender-bicycle-a5a.notion.site/TOTOLINK-N300RH-setWanConfig-34553a41781f80ed8500d9b8d54074f2",
          "tags": [
            "exploit"
          ]
        },
        {
          "url": "https://www.totolink.net/",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "baseScore": 8.8,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "baseScore": 8.8,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
            "baseScore": 9
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-05-03T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-05-03T02:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-05-03T19:26:07.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "wxhwxhwxh_mie (VulDB User)",
          "type": "reporter"
        }
      ]
    }
  }
}