<0.1% probability · 22.7th percentile — 2026-05-07
Affected versions
Totolink WA300 firmware 5.2cu.7112_B20190227
Summary
This vulnerability is a remote buffer overflow in the UploadCustomModule function of Totolink WA300 wireless routers. The flaw is triggered when processing a malicious crafted File argument sent to the /cgi-bin/cstecgi.cgi endpoint. Attackers can exploit this to gain remote code execution on the affected device.
Remediation
Upgrade to the latest patched firmware from Totolink for the affected WA300 device. Disable remote management and limit management interface access to trusted internal networks to reduce attack exposure.
Exploit info
This exploit has been publicly disclosed, with references to this issue documented in trusted public vulnerability databases. You may check Exploit-DB or GitHub for potential exploit details.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.