CVE-2026-7218
Remote Buffer Overflow in Totolink N300RT libapmib.so Component
Publication date: 2026-04-28
Last updated on: 2026-04-28
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| totolink | n300rt | to 3.4.0-b20250430 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious HTTP POST requests to the endpoint /boafrm/formWsc containing an unusually long localPin parameter.
One detection method involves capturing and inspecting HTTP traffic to identify POST requests with a localPin parameter exceeding normal length, which may indicate an exploit attempt.
Additionally, signs of the vulnerability being triggered include crashes or denial of service of the router's management interface.
- Use network packet capture tools like tcpdump or Wireshark to filter HTTP POST requests to /boafrm/formWsc.
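- Example tcpdump command to capture relevant traffic (the filter selects port 80 packets that carry a TCP payload; `-l` line-buffers the output so grep sees matches as they arrive): `tcpdump -l -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/boafrm/formWsc'`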
- Use curl or similar tools to test the endpoint with a crafted long localPin parameter to verify if the system is vulnerable.
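The length check described above can be automated over reassembled cleartext HTTP requests. The following is an added example, not code from the advisory or the vendor; the 8-character threshold (`MAX_PIN_LEN`), the helper names and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/boafrm/formWsc"  # endpoint named in the advisory
PARAM = "localPin"               # parameter named in the advisory
MAX_PIN_LEN = 8                  # assumption: a WPS PIN is at most 8 digits; tune as needed


def inspect_request(raw: bytes):
    """Return a finding for an oversized localPin POST, or None if the request is benign."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.decode("latin-1").split("\r\n", 1)[0].split(" ")
    if len(request_line) != 3 or request_line[0].upper() != "POST":
        return None
    if urlsplit(request_line[1]).path != TARGET_PATH:
        return None
    # parse_qs percent-decodes values, so the length measured is the one the
    # form handler would see, not the on-the-wire length.
    fields = parse_qs(body.decode("latin-1"), keep_blank_values=True)
    longest = max((len(v) for v in fields.get(PARAM, [])), default=0)
    if longest <= MAX_PIN_LEN:
        return None
    return {"path": TARGET_PATH, "param": PARAM, "length": longest}


def scan(requests):
    """Run inspect_request over reassembled requests and keep only the findings."""
    return [hit for hit in map(inspect_request, requests) if hit]


def build_request(method, path, body):
    """Build a constructed sample request (not captured traffic)."""
    head = (f"{method} {path} HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return (head + body).encode("latin-1")


# Constructed samples: one normal PIN, two oversized values, two non-matching requests.
SAMPLES = [
    build_request("POST", TARGET_PATH, "localPin=12345670"),
    build_request("POST", TARGET_PATH, "localPin=" + "A" * 300),
    build_request("POST", TARGET_PATH + "?x=1", "localPin=" + "%41" * 100),
    build_request("POST", "/other/form", "localPin=" + "A" * 300),
    build_request("GET", TARGET_PATH, ""),
]

if __name__ == "__main__":
    for hit in scan(SAMPLES):
        print(hit)
```

The function expects one complete request per buffer, so TCP stream reassembly has to happen upstream (for example in a proxy or IDS), and it only sees management traffic that is not encrypted.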
Can you explain this vulnerability to me?
CVE-2026-7218 is a stack-based buffer overflow vulnerability found in TOTOLINK N300RT routers running firmware up to version 3.4.0-B20250430. It occurs in the router's web management interface, specifically in the function is_cmd_string_valid within the file /boafrm/formWsc of the component libapmib.so.
The vulnerability is triggered by sending a crafted HTTP POST request to the /boafrm/formWsc endpoint with a maliciously long localPin parameter. Due to improper input length validation and unsafe use of the sprintf() function without bounds checking, the localPin input can overflow the stack buffer.
An attacker can bypass authentication by exploiting weak session token checks and then send the crafted request to cause the buffer overflow. This overflow can overwrite the saved return address, potentially leading to denial of service (DoS) or remote code execution (RCE).
How can this vulnerability impact me?
This vulnerability can have serious impacts including denial of service and remote code execution on affected TOTOLINK N300RT routers.
- Denial of Service (DoS): The buffer overflow can crash the router's web management interface, making it inaccessible and disrupting network management.
- Remote Code Execution (RCE): By overwriting the saved return address on the stack, an attacker may execute arbitrary code remotely, potentially gaining control over the router.
- Since the attack can be carried out remotely without user interaction, it poses a high risk to network security and availability.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the router's management interface to trusted networks or IP addresses to prevent remote exploitation.
Disabling remote management or web interface access from untrusted networks can reduce the attack surface.
Monitoring and blocking suspicious HTTP POST requests to /boafrm/formWsc with unusually long localPin parameters at the network perimeter can help prevent exploitation.
Applying any available firmware updates or patches from the vendor that address this vulnerability is recommended once released.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in TOTOLINK N300RT routers allows remote attackers to cause denial of service or potentially execute remote code by exploiting a stack-based buffer overflow in the router's web management interface.
Such a vulnerability could impact compliance with standards like GDPR or HIPAA by compromising the confidentiality, integrity, and availability of data managed or transmitted through the affected device.
Specifically, the high CVSS scores indicating high impact on confidentiality, integrity, and availability suggest that exploitation could lead to unauthorized access or disruption of services, which are critical factors in regulatory compliance.
However, the provided information does not explicitly detail compliance implications or mitigation steps related to these standards.