CVE-2026-7219 - Vulnerability Details

- Totolink N300RT formIpQoS buffer overflow

Description

A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argument entry_name can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.

Published: 2026-04-28

Score: 8.6 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A stack-based buffer overflow exists in the formIpQoS function of Totolink N300RT firmware, triggered by a crafted entry_name argument. The vulnerability, classified as CWE-119 and CWE-120, can be exploited remotely and may allow an attacker to overwrite memory, potentially leading to arbitrary code execution or complete device compromise. If leveraged successfully, it would grant the attacker full control over the device, exposing sensitive network traffic, disrupting service, and allowing further lateral movement within the local network.

Affected Systems

The vulnerability affects Totolink N300RT router firmware version 3.4.0-B20250430. No other versions or products are listed as impacted in the available data.

Risk and Exploitability

The CVSS score is 8.6, indicating a high severity of risk. EPSS is not available, but the vulnerability is not listed in the CISA KEV catalog, indicating no confirmed widespread exploitation so far. However, attack may be performed from remote and published exploits exist, meaning the likelihood of real‑world exploitation is significant, especially if the device is exposed to the internet. The remote attack vector combined with the lack of an official patch or workaround elevates the risk for networks using the affected firmware.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Totolink

N300RT

affected

Version	Status	Constraints
`3.4.0-B20250430`	affected	—

No data.

Vendor Product Confidence Versions

Totolink

N300rt

100%

Version	Status	Scheme	Platform
`3.4.0-B20250430`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the device to the latest firmware provided by Totolink, ensuring the buffer overflow patch is included.
Restrict remote access to the device by disabling web management or configuring firewall rules to block traffic to the /boafrm/formIpQoS endpoint.
Continuously monitor network traffic and logs for abnormal patterns that may indicate exploitation attempts against the router.

Generated by OpenCVE AI on April 28, 2026 at 12:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Multiple

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00101.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
https://github.com/xiaohaiyang-ai/IoT-Vulnerability-Research/tree/main/Vendors/TOTOLINK/N300RT/formIpQoS-Bof
https://vuldb.com/submit/808194
https://vuldb.com/vuln/359819
https://vuldb.com/vuln/359819/cti
https://www.totolink.net/

History

Wed, 29 Apr 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 28 Apr 2026 06:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Totolink n300rt
Vendors & Products		Totolink n300rt

Tue, 28 Apr 2026 04:15:00 +0000

Type	Values Removed	Values Added
Description		A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argument entry_name can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.
Title		Totolink N300RT formIpQoS buffer overflow
First Time appeared		Totolink Totolink n300rt Firmware
Weaknesses		CWE-119 CWE-120
CPEs		cpe:2.3:o:totolink:n300rt_firmware::::::::
Vendors & Products		Totolink Totolink n300rt Firmware
References		https://github.com/xiaohaiyang-ai/IoT-Vulnerability-Research/tree/main/Vendors/TOTOLINK/N300RT/formIpQoS-Bof https://vuldb.com/submit/808194 https://vuldb.com/vuln/359819 https://vuldb.com/vuln/359819/cti https://www.totolink.net/
Metrics		cvssV2_0 `{'score': 8.3, 'vector': 'AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 7.2, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Totolink N300rt N300rt Firmware

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-04-28T03:00:23.944Z

Updated: 2026-04-29T14:13:31.485Z

Reserved: 2026-04-27T15:29:01.089Z

Link: CVE-2026-7219

Vulnrichment

Updated: 2026-04-29T14:13:06.555Z

NVD

Status : Deferred

Published: 2026-04-28T04:16:23.327

Modified: 2026-04-28T20:24:58.820

Link: CVE-2026-7219

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T12:45:31Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Multiple

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation poc

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object