CVE-2026-7546

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Totolink NR1800X version 9.1.0u.6279 B20210910

Description A stack-based buffer overflow exists in the lighttpd component. This issue occurs when the find host ip() function improperly handles the Host argument, allowing a remote attacker to execute the attack.

Recommendations Update Totolink NR1800X version 9.1.0u.6279 B20210910 to a patched version. As a temporary workaround, restrict access to the lighttpd component to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-121

Related Identifiers

CVE-2026-7546

Affected Products

Nr1800X

Lighttpd

CVE-2026-7546

Weakness Enumeration

Related Identifiers

Affected Products

References · 8