CVE-2026-10187— Totolink N300RH Web Management wireless.so setWiFiBasicConfig stack-based overflow
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-10187
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Totolink N300RH Web Management wireless.so setWiFiBasicConfig stack-based overflow
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was detected in Totolink N300RH 6.1c.1353_B20190305. Affected by this issue is the function setWiFiBasicConfig of the file wireless.so of the component Web Management Interface. Performing a manipulation of the argument KeyStr results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
栈缓冲区溢出
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-10187
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-10187
请登录查看更多情报信息。
Other References for CVE-2026-10187 (1)
- 🔗 QQ邮箱文件分享exploit
IV. Related Vulnerabilities
Same product: N300RH
- CVE-2026-9543
Totolink N300RH Web Management cstecgi.cgi setPasswordCfg os - CVE-2026-7750
Totolink N300RH POST Request cstecgi.cgi setMacFilterRules b - CVE-2026-7749
Totolink N300RH POST Request cstecgi.cgi setWanConfig buffer - CVE-2026-7748
Totolink N300RH POST Request cstecgi.cgi setUpgradeFW buffer - CVE-2026-7747
Totolink N300RH Parameter cstecgi.cgi loginauth buffer overf
Same vendor: Totolink
- CVE-2026-9543
Totolink N300RH Web Management cstecgi.cgi setPasswordCfg os - CVE-2026-9534
Totolink CA750-PoE Setting cstecgi.cgi setWiFiWpsConfig os c - CVE-2026-9533
Totolink CA750-PoE Setting cstecgi.cgi recvUpgradeNewFw os c - CVE-2026-9532
Totolink CA750-PoE Setting cstecgi.cgi setUploadUserData os - CVE-2026-9531
Totolink CA750-PoE Setting cstecgi.cgi setUpgradeUboot os co
Same weakness: CWE-121
- CVE-2026-10206
D-Link DI-8400 dbsrv.asp stack-based overflow - CVE-2026-10192
Tenda W12 httpd set_local_time_0 stack-based overflow - CVE-2026-10191
Tenda W12 httpd cgiWifiMacFilterSet stack-based overflow - CVE-2026-10189
Tenda W12 httpd cgiSysTimeInfoSet stack-based overflow - CVE-2026-10188
Tenda W12 httpd cgistaKickOff stack-based overflow
V. Comments for CVE-2026-10187
No comments yet