CVE-2026-7218 PUBLISHED

A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The impacted element is the function is_cmd_string_valid of the file /boafrm/formWsc of the component libapmib.so. Performing a manipulation of the argument localPin results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.

• xyhackr (VulDB User) reporter

• VDB-359818 | Totolink N300RT libapmib.so formWsc is_cmd_string_valid buffer overflow
• VDB-359818 | CTI Indicators (IOB, IOC, IOA)
• Submit #802127 | Totolink N300RT Router V3.4.0-B20250430 Buffer Overflow
• https://github.com/xiaohaiyang-ai/TOTOLINK-N300RT-Buffer-Overflow
• https://www.totolink.net/

• Buffer Overflow CWE
• Memory Corruption CWE