CVE-2026-7219
Received Received - Intake
Remote Buffer Overflow in Totolink N300RT /boafrm/formIpQoS

Publication date: 2026-04-28

Last updated on: 2026-04-28

Assigner: VulDB

Description
A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argument entry_name can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-28
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-04-28
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7219
EUVD
EUVD-2026-25975
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
totolink n300rt to 3.4.0-b20250430 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-7219 is a stack-based buffer overflow vulnerability found in the TOTOLINK N300RT router's firmware version up to 3.4.0-B20250430. It exists in the /boafrm/formIpQoS endpoint of the boa web server.

An authenticated attacker can exploit this vulnerability by sending a specially crafted POST request containing an oversized "entry_name" parameter. This parameter is not properly validated for length and is copied insecurely using the unsafe strcpy function into a fixed-size buffer of 192 bytes on the stack.

Because the buffer is smaller than the input, the attacker can overflow it and overwrite the saved return address on the stack, which is located 324 bytes from the buffer's start. This allows the attacker to hijack the control flow of the program.

Exploitation requires authentication to obtain a valid session token and valid parameters to pass business logic checks. A proof-of-concept shows that sending 324 'A' characters followed by 'BBBB' causes the web server to crash, resulting in denial of service. Potentially, this overflow could be used for remote code execution.

Impact Analysis

This vulnerability can impact you by allowing an authenticated attacker to cause a denial of service (DoS) on your TOTOLINK N300RT router's web management interface, making it inaccessible.

Additionally, because the attacker can overwrite the return address on the stack, there is a potential risk of remote code execution (RCE), which could allow the attacker to execute arbitrary code on the device.

Such impacts could lead to loss of control over the router, disruption of network services, and potential compromise of the device and network.

Detection Guidance

This vulnerability can be detected by sending a crafted POST request to the /boafrm/formIpQoS endpoint of the TOTOLINK N300RT router's web server. The request should include an oversized "entry_name" parameter designed to overflow the buffer.

A proof-of-concept involves sending a POST request with 324 'A' characters followed by "BBBB" (0x42424242) in the "entry_name" field, which causes the web server to crash, indicating the presence of the vulnerability.

Since exploitation requires authentication, detection commands should include authentication tokens and valid ipStart and ipEnd parameters to pass business logic checks.

Example command using curl to test for the vulnerability (authentication and valid parameters required):

  • curl -X POST "http://<router-ip>/boafrm/formIpQoS" -d "entry_name=$(python3 -c 'print("A"*324 + "BBBB")')&sessionCheck=<valid_token>&ipStart=<valid_ip>&ipEnd=<valid_ip>"

If the router's web management interface crashes or becomes inaccessible after this request, it indicates the vulnerability is present.

Mitigation Strategies

Immediate mitigation steps include restricting access to the router's web management interface to trusted users only, as exploitation requires authentication.

Avoid sending or accepting suspicious POST requests to the /boafrm/formIpQoS endpoint, especially those containing unusually long "entry_name" parameters.

Monitor the router for crashes or denial of service conditions that may indicate exploitation attempts.

Apply any available firmware updates or patches from the vendor that address this buffer overflow vulnerability.

If no patch is available, consider disabling the vulnerable service or limiting network exposure of the router's management interface until a fix is applied.

Compliance Impact

The CVE-2026-7219 vulnerability is a stack-based buffer overflow in the TOTOLINK N300RT router that can lead to denial of service or potentially remote code execution. This security flaw could compromise the confidentiality, integrity, and availability of the device and its data.

Such a vulnerability may impact compliance with standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data through secure systems and timely mitigation of security risks. If exploited, this flaw could lead to unauthorized access or disruption of services, thereby violating requirements for data protection and system integrity.

However, specific impacts on compliance depend on the context of the device's use, the data it processes, and the implemented security controls and mitigations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7219. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart