← back
CVE-2026-7546

Totolink NR1800X lighttpd find_host_ip stack-based overflow

CVSS 9.3 CRITICALEPSS 0.8%CWE-119CWE-121
A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. The impacted element is the function find_host_ip of the component lighttpd. Such manipulation of the argument Host leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Affected products
Totolink · NR1800X
public PoCs found1
cve_referencegithub.com/newym/cve/blob/main/totolinknr1800x.mdunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/newym/cve/blob/main/totolinknr1800x.mdhttps://vuldb.com/submit/804404https://vuldb.com/vuln/360357https://vuldb.com/vuln/360357/ctihttps://www.totolink.net/