{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-7749/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-7749"}],"_cs_exploited":false,"_cs_products":["N300RH 3.2.4-B20220812"],"_cs_severities":["high"],"_cs_tags":["buffer-overflow","router","cve-2026-7749"],"_cs_type":"advisory","_cs_vendors":["Totolink"],"content_html":"\u003cp\u003eA buffer overflow vulnerability has been identified in Totolink N300RH router version 3.2.4-B20220812. The vulnerability resides in the \u003ccode\u003esetWanConfig\u003c/code\u003e function within the \u003ccode\u003e/cgi-bin/cstecgi.cgi\u003c/code\u003e file, which handles POST requests. An attacker can exploit this vulnerability by manipulating the \u003ccode\u003epriDns\u003c/code\u003e argument in a crafted POST request. The vulnerability allows for remote exploitation, meaning an attacker does not need local access to the device. Public exploits for this vulnerability are already available, increasing the risk of exploitation. This vulnerability was published on 2026-05-04.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable Totolink N300RH router running firmware version 3.2.4-B20220812.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious POST request targeting the \u003ccode\u003e/cgi-bin/cstecgi.cgi\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eWithin the POST request, the attacker includes the \u003ccode\u003epriDns\u003c/code\u003e argument with a value exceeding the buffer size.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003esetWanConfig\u003c/code\u003e function processes the \u003ccode\u003epriDns\u003c/code\u003e argument without proper bounds checking.\u003c/li\u003e\n\u003cli\u003eThe oversized \u003ccode\u003epriDns\u003c/code\u003e value overwrites adjacent memory on the stack, potentially including control flow data.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the program execution flow by overwriting the return address.\u003c/li\u003e\n\u003cli\u003eThe attacker executes arbitrary code on the router, potentially gaining a shell.\u003c/li\u003e\n\u003cli\u003eThe attacker could then use the compromised router to perform lateral movement, exfiltrate data, or establish a persistent backdoor.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this buffer overflow vulnerability can lead to complete compromise of the Totolink N300RH router. An attacker could gain unauthorized access to the device\u0026rsquo;s configuration, intercept network traffic, or use the router as a pivot point to attack other devices on the network. Given that public exploits are available, a wide range of attackers could potentially exploit this vulnerability. The CVSS v3.1 base score is 8.8 (HIGH).\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor web server logs for POST requests to \u003ccode\u003e/cgi-bin/cstecgi.cgi\u003c/code\u003e with abnormally long \u003ccode\u003epriDns\u003c/code\u003e values to detect potential exploitation attempts using the provided Sigma rule.\u003c/li\u003e\n\u003cli\u003eImplement network intrusion detection system (NIDS) rules to detect and block malicious POST requests targeting \u003ccode\u003e/cgi-bin/cstecgi.cgi\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eContact Totolink for a security patch or firmware update to address CVE-2026-7749.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-04T10:16:01Z","date_published":"2026-05-04T10:16:01Z","id":"/briefs/2026-05-totolink-n300rh-buffer-overflow/","summary":"A buffer overflow vulnerability exists in Totolink N300RH version 3.2.4-B20220812, specifically affecting the setWanConfig function within the /cgi-bin/cstecgi.cgi file, allowing a remote attacker to exploit it by manipulating the priDns argument in a POST request.","title":"Totolink N300RH Buffer Overflow Vulnerability in setWanConfig","url":"https://feed.craftedsignal.io/briefs/2026-05-totolink-n300rh-buffer-overflow/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-7749","version":"https://jsonfeed.org/version/1.1"}