CVE-2026-7748 | Totolink N300RH 3.2.4-B20220812 POST Request /cgi-bin/cstecgi.cgi setUpgradeFW FileName buffer overflow

Inserito da Angelo Barbosa | Mag 3, 2026 | CVE

A vulnerability, which was classified as critical, was found in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument FileName can lead to buffer overflow.

This vulnerability is tracked as CVE-2026-7748. The attack can be launched remotely. Moreover, an exploit is present.

CVE-2026-7748 | Totolink N300RH 3.2.4-B20220812 POST Request /cgi-bin/cstecgi.cgi setUpgradeFW FileName buffer overflow

Post correlati

CVE-2024-2417 | User Registration Plugin up to 3.1.5 on WordPress authorization

CVE-2024-4680 | ZenML up to 0.56.3 session expiration

CVE-2024-7313 | Shield Security Plugin up to 20.0.5 on WordPress cross-site request forgery

CVE-2022-49263 | Linux Kernel up to 5.4.188/5.10.109/5.15.32/5.16.18/5.17.1 brcmf_pcie_setup Privilege Escalation