CVE-2026-7750

Totolink N300RH POST Request cstecgi.cgi setMacFilterRules buffer overflow

CVSS 8.7 HIGHEPSS 0.5%CWE-119 CWE-120

Vexday Risk Score

41Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 8.7EPSS 0.5%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

04 May 2026Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument mac_address results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Affected products

Totolink · N300RH

public PoCs found — 1

cve_referencelavender-bicycle-a5a.notion.site/TOTOLINK-N300RH-setMacFilterRules-34553a41781f809cb952cdcb71ce90d8unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://lavender-bicycle-a5a.notion.site/TOTOLINK-N300RH-setMacFilterRules-34553a41781f809cb952cdcb71ce90d8 https://vuldb.com/submit/807204 https://vuldb.com/vuln/360925 https://vuldb.com/vuln/360925/cti https://www.totolink.net/