CVE-2026-7546 - Vulnerability Details

- Totolink NR1800X lighttpd find_host_ip stack-based overflow

Description

A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. The impacted element is the function find_host_ip of the component lighttpd. Such manipulation of the argument Host leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

Published: 2026-05-01

Score: 9.3 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Totolink NR1800X router firmware 9.1.0u.6279_B20210910 contains a flaw in the lighttpd web server’s find_host_ip function, where an attacker can supply a crafted Host header that overflows a stack buffer. This classic buffer overrun (CWE-119) and stack reuse (CWE-121) can lead to arbitrary code execution, compromising confidentiality, integrity, and availability of the device and the network it serves.

Affected Systems

The only affected product listed is the Totolink NR1800X router running firmware version 9.1.0u.6279_B20210910. No other versions were reported in the CNA data.

Risk and Exploitability

The vulnerability carries a CVSS score of 9.3, indicating critical severity. EPSS data is not available, but the exploit code has been publicly disclosed, suggesting that exploitation may be attempted in the wild. The vulnerability is not listed in the CISA KEV catalog. Attackers can reach the vulnerable function remotely via the router’s web interface without requiring physical access or elevated privileges.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Totolink

NR1800X

affected

Version	Status	Constraints
`9.1.0u.6279_B20210910`	affected	—

No data.

Vendor Product Confidence Versions

Totolink

Nr1800x

100%

Version	Status	Scheme	Platform
`9.1.0u.6279_B20210910`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Install the latest firmware update from Totolink that patches the find_host_ip buffer overflow in lighttpd.
If a recent firmware update is unavailable, limit external access to the router’s web interface by configuring the network firewall to allow traffic only from trusted internal IP ranges.
If the firmware permits it, disable the lighttpd web server or restrict it to essential management functions to reduce the attack surface.
Apply network monitoring and intrusion detection to log and alert on attempts to send malformed Host headers to the router’s web service.

Generated by OpenCVE AI on May 1, 2026 at 04:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00077.

Exploitation poc

Automatable yes

Technical Impact total

References

Link	Providers
https://github.com/newym/cve/blob/main/totolinknr1800x.md
https://vuldb.com/submit/804404
https://vuldb.com/vuln/360357
https://vuldb.com/vuln/360357/cti
https://www.totolink.net/

History

Fri, 01 May 2026 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 01 May 2026 04:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Totolink nr1800x
Vendors & Products		Totolink nr1800x

Fri, 01 May 2026 03:15:00 +0000

Type	Values Removed	Values Added
Description		A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. The impacted element is the function find_host_ip of the component lighttpd. Such manipulation of the argument Host leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
Title		Totolink NR1800X lighttpd find_host_ip stack-based overflow
First Time appeared		Totolink Totolink nr1800x Firmware
Weaknesses		CWE-119 CWE-121
CPEs		cpe:2.3:o:totolink:nr1800x_firmware::::::::
Vendors & Products		Totolink Totolink nr1800x Firmware
References		https://github.com/newym/cve/blob/main/totolinknr1800x.md https://vuldb.com/submit/804404 https://vuldb.com/vuln/360357 https://vuldb.com/vuln/360357/cti https://www.totolink.net/
Metrics		cvssV2_0 `{'score': 10, 'vector': 'AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:W/RC:UR'}` cvssV3_0 `{'score': 9.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:R'}` cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:R'}` cvssV4_0 `{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Totolink Nr1800x Nr1800x Firmware

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-05-01T02:15:12.350Z

Updated: 2026-05-01T21:28:56.710Z

Reserved: 2026-04-30T18:56:41.852Z

Link: CVE-2026-7546

Vulnrichment

Updated: 2026-05-01T21:28:52.794Z

NVD

Status : Deferred

Published: 2026-05-01T03:16:01.270

Modified: 2026-05-01T15:26:24.553

Link: CVE-2026-7546

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T04:45:08Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation poc

Automatable yes

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object