Cyber Posture

CVE-2026-7750

High

Published: 04 May 2026

Published
04 May 2026
Modified
04 May 2026
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0008 22.6th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument mac_address results in buffer overflow. The attack may be launched remotely.…

more

The exploit is now public and may be used.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Timely remediation through firmware patching from Totolink directly eliminates the buffer overflow vulnerability in the setMacFilterRules function.

SI-10 Information Input Validation good match
prevent

Validates the mac_address argument in POST requests to /cgi-bin/cstecgi.cgi for proper length and format to prevent buffer overflow exploitation.

SI-16 Memory Protection good match
prevent

Deploys memory protection mechanisms like ASLR, stack canaries, and non-executable memory to block arbitrary code execution even if the buffer overflow occurs.

Security SummaryAI

CVE-2026-7750 is a buffer overflow vulnerability (CWE-119, CWE-120) affecting Totolink N300RH routers on firmware version 3.2.4-B20220812. The flaw resides in the setMacFilterRules function within the /cgi-bin/cstecgi.cgi file of the POST Request Handler component, where manipulation of the mac_address argument triggers the overflow. Published on 2026-05-04, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), marking it as high severity.

Remote attackers with low privileges can exploit this vulnerability over the network with low complexity and no user interaction. Successful exploitation enables high-impact consequences on confidentiality, integrity, and availability, potentially allowing arbitrary code execution or device takeover. A public exploit is available and may be used.

Advisories from VulDB detail the issue at https://vuldb.com/vuln/360925 and related CTI at https://vuldb.com/vuln/360925/cti, with a proof-of-concept at https://lavender-bicycle-a5a.notion.site/TOTOLINK-N300RH-setMacFilterRules-34553a41781f809cb952cdcb71ce90d8. Security practitioners should consult the Totolink vendor site at https://www.totolink.net/ for any firmware patches or mitigation guidance.

The public availability of the exploit increases the risk of active exploitation in the wild.

Details

CWE(s)
CWE-119CWE-120

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Buffer overflow in public-facing CGI endpoint (setMacFilterRules) enables remote authenticated attackers to achieve arbitrary code execution/device takeover from low privileges, directly mapping to T1190 (Exploit Public-Facing Application) for initial network access and T1068 (Exploitation for Privilege Escalation) for elevation to full control.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

References