Part of Lyceum Intelligence — deep-research In Focus reports → · Lyceum Corpus — ask the documents →

Full-text search across 381 articles. Typo-tolerant.

Lyceum News Desk ·

CVE-2026-7719 -- CVSS 9.8 Vulnerability Briefing

CVE-2026-7719 | CVSS 9.8 (Critical) | Exploit: No known exploit

What Is It

CVE-2026-7719 is a critical vulnerability in the Totolink WA300 router (firmware version 5.2cu.7112_B20190227), specifically affecting the loginauth function within the POST request handler located at /cgi-bin/cstecgi.cgi.

Technical Detail

The flaw resides in how the loginauth function processes POST request input, with the truncated description suggesting a memory corruption or input validation issue, most likely a stack-based buffer overflow or command injection, given the nature of similar vulnerabilities in this device family. An unauthenticated remote attacker can send a crafted POST request to the /cgi-bin/cstecgi.cgi endpoint to trigger the vulnerable code path, requiring no prior authentication or user interaction. Successful exploitation could result in remote code execution with root-level privileges on the affected device, given that embedded router CGI handlers typically run with elevated system permissions.

Exploitation Status

No known exploit code has been publicly observed or confirmed as of May 10, 2026. This vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog. Despite the absence of confirmed exploitation, the critical CVSS score of 9.8 and the unauthenticated network-accessible attack surface make this a high-priority candidate for weaponization.

Who Is Targeting This

No specific threat actor attribution at this time. No campaigns or targeted sectors have been associated with this vulnerability. Historically, vulnerabilities in consumer and small-business routers from vendors such as Totolink have been leveraged by botnet operators targeting internet-exposed devices, but no such activity has been confirmed for this CVE.

What To Do

Organizations and individuals operating the Totolink WA300 on firmware version 5.2cu.7112_B20190227 should check immediately for an updated firmware release from Totolink and apply it as a priority given the critical severity rating. If no patch is available, restrict access to the device's web management interface by placing it behind a firewall or access control list that blocks untrusted external sources from reaching port 80 or 443. Disabling remote management features where not operationally required is a practical interim control. Network defenders should monitor for anomalous POST requests targeting /cgi-bin/cstecgi.cgi from external or unexpected sources as a detection signal.

In Focus
All analysis →

Deep-research intelligence reports from Lyceum Intelligence — structured assessments with sourced claims and calibrated conclusions.

Browse Intelligence Reports →