<0.1% probability · 22.8th percentile — 2026-05-08
Affected versions
Totolink N300RH firmware 3.2.4-B20220812
Summary
This is a remote buffer overflow vulnerability in the loginauth function of the /cgi-bin/cstecgi.cgi parameter handler on Totolink N300RH routers. An unauthenticated attacker can trigger the flaw by sending a manipulated Password argument to the vulnerable endpoint. Successful exploitation can lead to full remote code execution on the affected device.
Remediation
Install the latest official firmware update from Totolink once a patch is released. Until then, disable remote management of the router and restrict access to the management interface to trusted local IP addresses only.
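While no patch is available, requests to the vulnerable endpoint can be reviewed for the two conditions this advisory describes: a source outside the trusted management range and an abnormally long Password argument. The following is an added example, not code from the advisory or from Totolink. The record layout, the trusted network, the 64-character cap and the body encodings (JSON or form-encoded) are assumptions, since the advisory does not state them.

```python
import ipaddress
import json
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/cgi-bin/cstecgi.cgi"   # path named in the advisory
TRUSTED_NETS = ["192.168.0.0/24"]   # assumption: the admin LAN
MAX_PASSWORD_LEN = 64               # assumption: generous cap for a real password

def extract_password(body):
    """Return the Password argument from a JSON or form-encoded body, else None."""
    try:
        obj = json.loads(body)
        if isinstance(obj, dict) and "Password" in obj:
            return str(obj["Password"])
    except ValueError:
        pass  # not JSON, fall through to form decoding
    values = parse_qs(body, keep_blank_values=True).get("Password")
    return values[0] if values else None

def review(record, trusted=TRUSTED_NETS, max_len=MAX_PASSWORD_LEN):
    """Return findings for one request record (empty list means nothing to report)."""
    if urlsplit(record["path"]).path != ENDPOINT:
        return []
    findings = []
    src = ipaddress.ip_address(record["src"])
    if not any(src in ipaddress.ip_network(net) for net in trusted):
        findings.append("untrusted-source")
    pw = extract_password(record.get("body", ""))
    if pw is not None and len(pw) > max_len:
        findings.append(f"oversized-password:{len(pw)}")
    return findings

def scan(records):
    """Return (source, findings) for every record that has at least one finding."""
    return [(r["src"], f) for r in records if (f := review(r))]

# Constructed sample records, not real traffic.
SAMPLE = [
    {"src": "192.168.0.10", "path": ENDPOINT, "body": '{"Password": "hunter2"}'},
    {"src": "203.0.113.7", "path": ENDPOINT, "body": '{"Password": "hunter2"}'},
    {"src": "192.168.0.23", "path": ENDPOINT + "?x=1", "body": "Password=" + "A" * 600},
    {"src": "203.0.113.7", "path": "/index.html", "body": ""},
]

if __name__ == "__main__":
    for src, findings in scan(SAMPLE):
        print(src, ", ".join(findings))
```

An oversized Password from a trusted address is still reported, because a compromised LAN host can reach the management interface even when remote management is disabled.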
Exploit info
This exploit has been publicly disclosed, with references to this issue documented in trusted public vulnerability databases. You may check Exploit-DB or GitHub for potential exploit details.