Totolink N300RH Password buffer overflow vulnerability (CVE-2026-7747)
CVE number = CVE-2026-7747
A vulnerability, which was classified as critical, has been found in Totolink N300RH 3.2.4-B20220812.
The vulnerability affects the function loginauth in the file /cgi-bin/cstecgi.cgi of the component Parameter Handler.
Manipulating the argument Password results in a buffer overflow.
Under CWE, the problem is classified as CWE-120.
The weakness was presented on 05/03/2026. The advisory is available at lavender-bicycle-a5a.notion.site.
This vulnerability is identified as CVE-2026-7747. The attack can be initiated remotely. Technical specifics are available. Additionally, an exploit exists.

I am one of the editors here at www.systemtek.co.uk. I am a UK-based technology professional with an interest in computer security and telecoms.
