Part of Lyceum Intelligence — deep-research In Focus reports → · Lyceum Corpus — ask the documents →

Full-text search across 381 articles. Typo-tolerant.

Lyceum News Desk ·

CVE-2026-7747 -- CVSS 9.8 Vulnerability Briefing

CVE-2026-7747 | CVSS 9.8 (Critical) | Exploit: No known exploit

What Is It

CVE-2026-7747 is a critical vulnerability in the loginauth function within the /cgi-bin/cstecgi.cgi Parameter Handler component of the Totolink N300RH router running firmware version 3.2.4-B20220812.

Technical Detail

The flaw resides in how the loginauth function processes user-supplied input parameters, a pattern consistent with stack-based or heap-based buffer overflow conditions commonly found in SOHO router CGI handlers. An unauthenticated remote attacker can send a crafted HTTP request to the cstecgi.cgi endpoint with malformed or oversized parameter values to trigger the vulnerability. Given the CVSS score of 9.8 and the pre-authentication attack surface, successful exploitation likely results in remote code execution with root-level privileges on the affected device, as is typical for this class of vulnerability in embedded Linux router firmware.

Exploitation Status

No known exploit code has been publicly identified at this time, and this CVE is not currently listed in the CISA Known Exploited Vulnerabilities catalog. The exploit maturity is assessed as no known exploit, meaning no public proof-of-concept or weaponized code has been confirmed as of May 11, 2026. However, the pre-authentication nature and critical severity of this vulnerability make it a candidate for rapid weaponization if technical details become more widely available.

Who Is Targeting This

No specific threat actor attribution at this time. No campaigns, threat groups, or targeted sectors have been linked to this vulnerability. Totolink devices as a product class have historically attracted attention from botnet operators targeting SOHO routers for network infrastructure abuse, but no confirmed activity against this specific CVE has been reported.

What To Do

Organizations and individuals operating the Totolink N300RH on firmware version 3.2.4-B20220812 should check the Totolink vendor advisory for an updated firmware release and apply it immediately given the critical severity rating. If no patch is available, restrict access to the device management interface by disabling remote WAN-side administration and placing the device behind a network perimeter that limits exposure of the CGI endpoint to untrusted hosts. Monitor HTTP access logs for anomalous or oversized POST requests targeting /cgi-bin/cstecgi.cgi as a detection signal. Given that this device class is commonly deployed without active monitoring, network administrators should audit their inventory for affected units and prioritize replacement if the vendor does not issue a timely patch.

In Focus
All analysis →

Deep-research intelligence reports from Lyceum Intelligence — structured assessments with sourced claims and calibrated conclusions.

Browse Intelligence Reports →