Description
A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The impacted element is the function is_cmd_string_valid of the file /boafrm/formWsc of the component libapmib.so. Performing a manipulation of the argument localPin results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.
Published: 2026-04-28
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A buffer overflow occurs when the is_cmd_string_valid function in libapmib.so processes the localPin argument of the formWsc component. The overflow can overwrite adjacent memory and allow an attacker to execute arbitrary code, leading to complete compromise of the device. The vulnerability exploits a classic stack‑based buffer overflow (CWE‑119, CWE‑120) and is rated high severity.

Affected Systems

Totolink N300RT routers running firmware version 3.4.0‑B20250430 are affected. The issue resides in the libapmib.so library packaged with this firmware.

Risk and Exploitability

With a CVSS score of 8.6, the vulnerability has a high impact. The EPSS score is not available, but the exploit is public and can be performed remotely by manipulating the localPin parameter, making it reachable over the network. The vulnerability is not yet listed in the CISA KEV catalog, yet the public exploit and remote attack vector warrant rapid mitigation.

Generated by OpenCVE AI on April 28, 2026 at 12:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest firmware update from Totolink that removes the vulnerable code
  • Disable the WSC (Wi‑Fi Protected Setup) feature on the router to eliminate the attack surface if a firmware patch is unavailable
  • Restrict remote management and WSC traffic to trusted networks and monitor logs for suspicious activity

Generated by OpenCVE AI on April 28, 2026 at 12:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 28 Apr 2026 04:45:00 +0000

Type Values Removed Values Added
First Time appeared Totolink n300rt
Vendors & Products Totolink n300rt

Tue, 28 Apr 2026 03:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The impacted element is the function is_cmd_string_valid of the file /boafrm/formWsc of the component libapmib.so. Performing a manipulation of the argument localPin results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.
Title Totolink N300RT libapmib.so formWsc is_cmd_string_valid buffer overflow
First Time appeared Totolink
Totolink n300rt Firmware
Weaknesses CWE-119
CWE-120
CPEs cpe:2.3:o:totolink:n300rt_firmware:*:*:*:*:*:*:*:*
Vendors & Products Totolink
Totolink n300rt Firmware
References
Metrics cvssV2_0

{'score': 8.3, 'vector': 'AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.2, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Totolink N300rt N300rt Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-29T14:15:09.478Z

Reserved: 2026-04-27T15:28:57.813Z

Link: CVE-2026-7218

cve-icon Vulnrichment

Updated: 2026-04-29T14:15:03.920Z

cve-icon NVD

Status : Deferred

Published: 2026-04-28T03:16:04.953

Modified: 2026-04-28T20:24:58.820

Link: CVE-2026-7218

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T12:45:31Z

Weaknesses