CVE-2026-7218
Published: 28 April 2026
Summary
CVE-2026-7218 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Totolink N300RT (inferred from references). Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 25.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2026-7218 is a buffer overflow vulnerability affecting the Totolink N300RT router on firmware version 3.4.0-B20250430. The flaw exists in the is_cmd_string_valid function located in the /boafrm/formWsc file of the libapmib.so component. It is triggered by manipulating the localPin argument, as classified under CWE-119 and CWE-120.
The vulnerability is remotely exploitable over the network (AV:N) with low attack complexity (AC:L), but requires high privileges (PR:H) and no user interaction (UI:N). Attackers meeting these conditions can achieve high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), with an unchanged scope (S:U), resulting in a CVSS v3.1 base score of 7.2.
Advisories from VulDB indicate the exploit is public and available for use, with a proof-of-concept hosted on GitHub at https://github.com/xiaohaiyang-ai/TOTOLINK-N300RT-Buffer-Overflow. Additional details are provided in VulDB entries at https://vuldb.com/vuln/359818 and related pages. Security practitioners should monitor the Totolink vendor site at https://www.totolink.net/ for any patches or mitigation guidance.
The exploit's public availability heightens the risk for exposed Totolink N300RT devices, particularly in environments where privileged remote access is feasible.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-25974
Vulnerability details
A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The impacted element is the function is_cmd_string_valid of the file /boafrm/formWsc of the component libapmib.so. Performing a manipulation of the argument localPin results in buffer overflow. The attack is possible to be…
more
carried out remotely. The exploit is now public and may be used.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in the router's web form handler (formWsc) directly enables remote exploitation of the public-facing web application for code execution.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires validation of inputs like the localPin argument to prevent buffer overflows from malformed data in the is_cmd_string_valid function.
Mandates timely remediation of the identified buffer overflow flaw through firmware updates or patches from the Totolink vendor.
Implements memory protections such as ASLR and DEP to mitigate exploitation of buffer overflows even if invalid input reaches the vulnerable function.