CVE-2026-7750
Published: 04 May 2026
Summary
CVE-2026-7750 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Notion (inferred from references). Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 24.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Timely remediation through firmware patching from Totolink directly eliminates the buffer overflow vulnerability in the setMacFilterRules function.
Validates the mac_address argument in POST requests to /cgi-bin/cstecgi.cgi for proper length and format to prevent buffer overflow exploitation.
Deploys memory protection mechanisms like ASLR, stack canaries, and non-executable memory to block arbitrary code execution even if the buffer overflow occurs.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in public-facing CGI endpoint (setMacFilterRules) enables remote authenticated attackers to achieve arbitrary code execution/device takeover from low privileges, directly mapping to T1190 (Exploit Public-Facing Application) for initial network access and T1068 (Exploitation for Privilege Escalation) for elevation to full control.
NVD Description
A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument mac_address results in buffer overflow. The attack may be launched remotely.…
more
The exploit is now public and may be used.
Deeper analysisAI
CVE-2026-7750 is a buffer overflow vulnerability (CWE-119, CWE-120) affecting Totolink N300RH routers on firmware version 3.2.4-B20220812. The flaw resides in the setMacFilterRules function within the /cgi-bin/cstecgi.cgi file of the POST Request Handler component, where manipulation of the mac_address argument triggers the overflow. Published on 2026-05-04, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), marking it as high severity.
Remote attackers with low privileges can exploit this vulnerability over the network with low complexity and no user interaction. Successful exploitation enables high-impact consequences on confidentiality, integrity, and availability, potentially allowing arbitrary code execution or device takeover. A public exploit is available and may be used.
Advisories from VulDB detail the issue at https://vuldb.com/vuln/360925 and related CTI at https://vuldb.com/vuln/360925/cti, with a proof-of-concept at https://lavender-bicycle-a5a.notion.site/TOTOLINK-N300RH-setMacFilterRules-34553a41781f809cb952cdcb71ce90d8. Security practitioners should consult the Totolink vendor site at https://www.totolink.net/ for any firmware patches or mitigation guidance.
The public availability of the exploit increases the risk of active exploitation in the wild.
Details
- CWE(s)