Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.9
CVE-2026-7719: Totolink WA300 Router: Remote Code Execution via Buffer Overflow
CVE-2026-7719
Summary
A vulnerability in the Totolink WA300 router's login function allows an attacker to potentially execute malicious code remotely, potentially allowing them to take control of the device. This could lead to unauthorized access to your network and sensitive data. Update your router's firmware to the latest version to fix this issue.
Original title
A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Th...
Original description
A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument http_host results in buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
nvd CVSS2.0
10.0
nvd CVSS3.1
9.8
nvd CVSS4.0
8.9
Vulnerability type
CWE-119
Buffer Overflow
CWE-120
Classic Buffer Overflow
Published: 4 May 2026 · Updated: 30 May 2026 · First seen: 4 May 2026