CVE Catalog

CVE-2026-44089

CriticalCVSS 9.4
Published: Updated: Translated: NVD NIST

Summary

The Totolink EX1200L router is vulnerable to a buffer overflow in the login functionality at the cgi-bin/cstecgi.cgi endpoint. Exploiting this vulnerability could lead to program crashes and remote code execution.

Risk Assessment

An attacker could gain root privileges, allowing them to read and edit data as well as brick the router. This poses a significant security risk to the organization's network.

Recommendation

It is recommended to update the router to the latest firmware version to mitigate the risks associated with this vulnerability. Additionally, monitoring network traffic for potential attack attempts is advised.

Original NVD description (English source)

Totolink EX1200L router is vulnerable to Buffer Overflow in the login functionality in cgi-bin/cstecgi.cgi endpoint. This vulnerability could be exploited to cause the program to crash and to execute code remotely. This allows the attacker to perform actions as root including reading and editing data, as well as bricking the router. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 9.3.5u.6146_B20201023 but may also affect other versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS