← back
CVE-2026-7750

Totolink N300RH POST Request cstecgi.cgi setMacFilterRules buffer overflow

CVSS 8.7 HIGHEPSS 0.5%CWE-119CWE-120
A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument mac_address results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Affected products
Totolink · N300RH
public PoCs found1
cve_referencelavender-bicycle-a5a.notion.site/TOTOLINK-N300RH-setMacFilterRules-34553a41781f809cb952cdcb71ce90d8unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://lavender-bicycle-a5a.notion.site/TOTOLINK-N300RH-setMacFilterRules-34553a41781f809cb952cdcb71ce90d8https://vuldb.com/submit/807204https://vuldb.com/vuln/360925https://vuldb.com/vuln/360925/ctihttps://www.totolink.net/