Totolink WA300 Critical Buffer Overflow (CVE-2026-7719) Exploited

A critical buffer overflow vulnerability, identified as CVE-2026-7719, has been discovered in Totolink WA300 firmware 5.2cu.7112_B20190227. The flaw resides in the loginauth function of the /cgi-bin/cstecgi.cgi component and is triggered by manipulating the http_host argument in a POST request. The National Vulnerability Database (NVD) has assigned this vulnerability a CVSSv3.1 score of 9.8, categorizing it as critical.

This vulnerability is remotely exploitable, meaning attackers do not require local network access or authentication to compromise affected devices. The National Vulnerability Database further notes that an exploit for CVE-2026-7719 has already been released publicly. This significantly elevates the risk, as it lowers the bar for attackers to weaponize this flaw and launch widespread attacks.

For defenders, the immediate concern is the public exploit and the ease of remote exploitation. Unpatched Totolink WA300 devices running the specified firmware are effectively wide open. This isn’t a theoretical threat; it’s an active one that demands urgent attention. Attackers will leverage this to gain full control, pivot into internal networks, or integrate devices into botnets.

What This Means For You

  • If your organization uses Totolink WA300 5.2cu.7112_B20190227, you must immediately assess your exposure. Prioritize patching or isolating these devices. Given the public exploit and remote attack vector for CVE-2026-7719, consider these devices compromised until proven otherwise. Audit network logs for suspicious activity originating from or targeting these devices.
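One way to run the log audit suggested above, as an added example that is not part of the original advisory or any vendor tooling: it scans request records for POSTs to /cgi-bin/cstecgi.cgi and flags sources outside the management network or an http_host value that does not look like a host name. The record layout, the management subnet, the two body encodings tried and the length limit are assumptions; the page does not specify them.

```python
import ipaddress
import json
import re
from urllib.parse import parse_qs

CGI_PATH = "/cgi-bin/cstecgi.cgi"                   # endpoint named in the advisory
MGMT_NETS = [ipaddress.ip_network("10.0.50.0/24")]  # assumed admin subnet
MAX_HOST_LEN = 255                                  # assumed cap: DNS name plus port
HOST_RE = re.compile(r"^[A-Za-z0-9.\-\[\]:]+$")     # characters valid in host[:port]

def extract_http_host(body):
    """Return http_host from a JSON or form-encoded body (assumed encodings)."""
    try:
        doc = json.loads(body)
        if isinstance(doc, dict) and "http_host" in doc:
            return str(doc["http_host"])
    except ValueError:
        pass
    values = parse_qs(body, keep_blank_values=True).get("http_host")
    return values[0] if values else None

def audit(records):
    """Yield (timestamp, source, reasons) for each suspicious request."""
    for rec in records:
        if rec["method"] != "POST" or rec["path"].split("?")[0] != CGI_PATH:
            continue
        reasons = []
        src = ipaddress.ip_address(rec["src"])
        if not any(src in net for net in MGMT_NETS):
            reasons.append("source outside management network")
        host = extract_http_host(rec.get("body", ""))
        if host is not None:
            if len(host) > MAX_HOST_LEN:
                reasons.append(f"http_host length {len(host)}")
            elif not HOST_RE.match(host):
                reasons.append("http_host has non-hostname characters")
        if reasons:
            yield rec["ts"], rec["src"], reasons

# Constructed sample records (not real traffic).
SAMPLE = [
    {"ts": "2026-05-04T06:00:01Z", "src": "10.0.50.7", "method": "POST",
     "path": CGI_PATH, "body": json.dumps({"http_host": "192.168.0.254"})},
    {"ts": "2026-05-04T06:02:13Z", "src": "203.0.113.44", "method": "POST",
     "path": CGI_PATH, "body": json.dumps({"http_host": "A" * 600})},
    {"ts": "2026-05-04T06:03:40Z", "src": "10.0.50.9", "method": "GET", "path": "/"},
]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Feed it records exported from whatever proxy, IDS or packet capture sits in front of the device; a hit is a lead for investigation, not proof of compromise.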

Indicators of Compromise

| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7719 | Buffer Overflow | Totolink WA300 version 5.2cu.7112_B20190227 |
| CVE-2026-7719 | Buffer Overflow | Vulnerable function: loginauth in /cgi-bin/cstecgi.cgi |
| CVE-2026-7719 | Buffer Overflow | Vulnerable component: POST Request Handler |
| CVE-2026-7719 | Buffer Overflow | Manipulation of argument: http_host |

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 04, 2026 at 05:15 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
