PT-2026-36745 · Totolink · Wa300

Wxhwxhwxh_Mie · Published 2026-05-04 · Updated 2026-06-02 · CVE-2026-7717

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Totolink WA300 version 5.2cu.7112 B20190227

Description: A buffer overflow exists in the POST Request Handler component. This issue occurs within the UploadCustomModule() function of the '/cgi-bin/cstecgi.cgi' endpoint. A remote, unauthenticated attacker can trigger this flaw by manipulating the File argument via a malformed POST request, potentially leading to remote code execution.

Recommendations: For version 5.2cu.7112 B20190227, update the firmware to a newer version to mitigate the risk. As a temporary workaround, restrict access to the '/cgi-bin/cstecgi.cgi' endpoint to minimize the risk of exploitation.

Exploit · Fix · RCE · Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2026-7717

Affected Products

Wa300