Cyber Resilience

CVE-2026-7218

High

Published: 28 April 2026

Published
28 April 2026
Modified
28 April 2026
KEV Added
Patch
CVSS Score v4 7.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0009 25.0th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-7218 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Totolink N300RT (inferred from references). Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 25.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-7218 is a buffer overflow vulnerability affecting the Totolink N300RT router on firmware version 3.4.0-B20250430. The flaw exists in the is_cmd_string_valid function located in the /boafrm/formWsc file of the libapmib.so component. It is triggered by manipulating the localPin argument, as classified under CWE-119 and CWE-120.

The vulnerability is remotely exploitable over the network (AV:N) with low attack complexity (AC:L), but requires high privileges (PR:H) and no user interaction (UI:N). Attackers meeting these conditions can achieve high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), with an unchanged scope (S:U), resulting in a CVSS v3.1 base score of 7.2.

Advisories from VulDB indicate the exploit is public and available for use, with a proof-of-concept hosted on GitHub at https://github.com/xiaohaiyang-ai/TOTOLINK-N300RT-Buffer-Overflow. Additional details are provided in VulDB entries at https://vuldb.com/vuln/359818 and related pages. Security practitioners should monitor the Totolink vendor site at https://www.totolink.net/ for any patches or mitigation guidance.

The exploit's public availability heightens the risk for exposed Totolink N300RT devices, particularly in environments where privileged remote access is feasible.

EU & UK References

Vulnerability details

A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The impacted element is the function is_cmd_string_valid of the file /boafrm/formWsc of the component libapmib.so. Performing a manipulation of the argument localPin results in buffer overflow. The attack is possible to be…

more

carried out remotely. The exploit is now public and may be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in the router's web form handler (formWsc) directly enables remote exploitation of the public-facing web application for code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-11296Shared CWE-119, CWE-120
CVE-2025-10942Shared CWE-119, CWE-120
CVE-2026-8775Shared CWE-119, CWE-120
CVE-2026-1328Shared CWE-119, CWE-120
CVE-2026-3701Shared CWE-119, CWE-120
CVE-2025-15459Shared CWE-119, CWE-120
CVE-2025-11356Shared CWE-119, CWE-120
CVE-2026-8260Shared CWE-119, CWE-120
CVE-2026-2202Shared CWE-119, CWE-120
CVE-2025-12232Shared CWE-119, CWE-120

Affected Assets

Totolink
N300RT
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of inputs like the localPin argument to prevent buffer overflows from malformed data in the is_cmd_string_valid function.

prevent

Mandates timely remediation of the identified buffer overflow flaw through firmware updates or patches from the Totolink vendor.

prevent

Implements memory protections such as ASLR and DEP to mitigate exploitation of buffer overflows even if invalid input reaches the vulnerable function.

References