CVE-2026-7219
Published: 28 April 2026
Summary
CVE-2026-7219 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Totolink N300RT (inferred from references). Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 25.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-7219 is a buffer overflow vulnerability (CWE-119, CWE-120) affecting the Totolink N300RT router firmware version 3.4.0-B20250430. The flaw exists in an unknown function of the /boafrm/formIpQoS file, where manipulation of the "entry_name" argument triggers the overflow. This issue was published on 2026-04-28 and carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
The vulnerability enables remote exploitation over the network with low attack complexity, though it requires high privileges (PR:H), such as authenticated administrative access. A successful attack can result in high impacts to confidentiality, integrity, and availability, potentially allowing arbitrary code execution and full device compromise.
Advisories referenced in VulDB (vuldb.com/vuln/359819 and related entries) document the vulnerability details and CTI. A proof-of-concept exploit is publicly available in a GitHub repository (github.com/xiaohyang-ai/IoT-Vulnerability-Research/tree/main/Vendors/TOTOLINK/N300RT/formIpQoS-Bof). The Totolink vendor website (totolink.net) is also listed among references, but specific patch or mitigation guidance is not detailed in the provided information.
The published exploit heightens the risk for unpatched Totolink N300RT devices running the affected firmware.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-25975
Vulnerability details
A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argument entry_name can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Buffer overflow in the router's public-facing web form handler (/boafrm/formIpQoS) directly enables remote exploitation of a public-facing application for arbitrary code execution and device compromise.
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly mitigates the CVE by requiring identification, reporting, and correction of the buffer overflow flaw in the Totolink N300RT firmware.
- SI-10 (Information Input Validation): prevents buffer overflow exploitation by enforcing validation of the 'entry_name' argument in the /boafrm/formIpQoS function.
- Provides runtime memory protections such as non-executable stacks or ASLR to hinder arbitrary code execution from the buffer overflow.
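The SI-10 control above is the one a firmware developer can act on directly. The following is an added illustration of what bounded input validation for a web-form parameter looks like in C; it is not Totolink's firmware code, and the 32-byte buffer size, the permitted character set, and the function names are assumptions chosen for the example. The point it demonstrates is the CWE-119 fix pattern: measure the input against the destination's capacity before copying, and reject rather than truncate when it does not fit.

```c
/* Added example, not code from the Totolink firmware: bounded validation
 * of a form parameter such as "entry_name" before it is copied into a
 * fixed-size buffer. All sizes and names here are assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <ctype.h>
#include <stdio.h>

#define ENTRY_NAME_MAX 32   /* assumed capacity of the destination, including the NUL */

/* Length of src, scanning at most 'limit' bytes so an unterminated or
 * oversized input can never be walked past the caller's bound. */
static size_t bounded_len(const char *src, size_t limit) {
    size_t n = 0;
    while (n < limit && src[n] != '\0') n++;
    return n;
}

/* Copy src into dst only if it fits and uses only permitted characters.
 * Returns true on success; dst is left as an empty string on rejection. */
bool copy_entry_name(char *dst, size_t dst_size, const char *src) {
    if (dst == NULL || dst_size == 0) return false;
    dst[0] = '\0';
    if (src == NULL) return false;

    /* Scan at most dst_size bytes: if no NUL was found within that range
     * the value cannot fit, so it is rejected without ever being copied. */
    size_t len = bounded_len(src, dst_size);
    if (len == 0 || len >= dst_size) return false;

    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)src[i];
        if (!(isalnum(c) || c == '_' || c == '-' || c == ' ')) return false;
    }
    memcpy(dst, src, len);
    dst[len] = '\0';
    return true;
}

/* Stand-in for a form handler: the parameter lands in a local buffer only
 * after validation, so its size can never exceed the buffer. */
bool handle_entry_name(const char *value) {
    char name[ENTRY_NAME_MAX];
    return copy_entry_name(name, sizeof name, value);
}

/* Helper for exercising the length bound: submits a value made of 'n'
 * copies of character 'c' and reports whether the handler accepted it. */
bool accepts_repeated(char c, size_t n) {
    char buf[512];
    if (n >= sizeof buf) return false;
    memset(buf, c, n);
    buf[n] = '\0';
    return handle_entry_name(buf);
}

int main(void) {
    printf("\"lan_qos\" -> %s\n", handle_entry_name("lan_qos") ? "accepted" : "rejected");
    printf("31 x 'A'  -> %s\n", accepts_repeated('A', 31) ? "accepted" : "rejected");
    printf("200 x 'A' -> %s\n", accepts_repeated('A', 200) ? "accepted" : "rejected");
    return 0;
}
```

The decision to reject oversized input outright, rather than silently truncate it with a strncpy-style copy, is deliberate: truncation hides the fact that a client sent something the form never intended to carry, which is exactly the event a device's logs should surface.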