<0.1% probability · 22.7th percentile — 2026-05-07
Affected versions
Totolink N300RH firmware 3.2.4-B20220812
Summary
This remote buffer overflow affects the setUpgradeFW function of the POST request handler in /cgi-bin/cstecgi.cgi on Totolink N300RH routers. Attackers can trigger the vulnerability by sending a crafted request with a malicious FileName argument. Successful exploitation allows for arbitrary code execution or system crash.
Remediation
Apply any available firmware security updates from Totolink for the affected device. Restrict access to the router's CGI endpoints and disable remote administrative access if not actively required.
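Until a fixed firmware is installed, requests reaching the endpoint can be monitored. The following is an added detection example, not code from the advisory or from Totolink: it flags POST requests to /cgi-bin/cstecgi.cgi that arrive from outside the management network or that invoke setUpgradeFW with an oversized or non-printable FileName. The record layout, the length limit, the management subnet, the "handler" key in the sample bodies, and the body encodings tried (JSON, then form-encoded) are assumptions.

```python
import ipaddress
import json
from urllib.parse import parse_qs

CGI_PATH = "/cgi-bin/cstecgi.cgi"   # endpoint named in the advisory
HANDLER = "setUpgradeFW"            # affected function named in the advisory
MAX_FILENAME_LEN = 64               # assumed policy limit, not the firmware's buffer size
MGMT_NET = ipaddress.ip_network("192.168.0.0/24")  # assumed management LAN


def extract_filename(body):
    """Return the FileName argument from a JSON or form-encoded body, else None."""
    try:
        doc = json.loads(body)
        if isinstance(doc, dict) and "FileName" in doc:
            return str(doc["FileName"])
    except ValueError:
        pass  # not JSON: fall through to form-encoded parsing
    values = parse_qs(body, keep_blank_values=True).get("FileName")
    return values[0] if values else None


def classify(record):
    """Return the list of findings for one captured HTTP request record."""
    findings = []
    if record["method"] != "POST" or record["path"].split("?")[0] != CGI_PATH:
        return findings
    if ipaddress.ip_address(record["src"]) not in MGMT_NET:
        findings.append("cgi-access-from-outside-mgmt-net")
    if HANDLER in record["body"]:
        name = extract_filename(record["body"])
        if name is not None and len(name) > MAX_FILENAME_LEN:
            findings.append("oversized-FileName")
        if name is not None and not name.isprintable():
            findings.append("non-printable-FileName")
    return findings


# Constructed sample records (not real traffic); "handler" is a placeholder key.
SAMPLES = [
    {"src": "192.168.0.10", "method": "POST", "path": CGI_PATH,
     "body": json.dumps({"handler": HANDLER, "FileName": "fw.web"})},
    {"src": "203.0.113.7", "method": "POST", "path": CGI_PATH,
     "body": json.dumps({"handler": HANDLER, "FileName": "A" * 300})},
    {"src": "192.168.0.11", "method": "GET", "path": "/index.html", "body": ""},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec["src"], rec["path"], classify(rec))
```

Tune MAX_FILENAME_LEN and MGMT_NET to the legitimate firmware file names and the admin subnet in use on the network being monitored.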
Exploit info
This exploit has been publicly disclosed, with references to this issue documented in trusted public vulnerability databases. You may check Exploit-DB or GitHub for potential exploit details.