Back to overview

CVE-2026-15701

CRITICAL
9.8
CVSS 3.1
Description
A weakness has been identified in Totolink NR1800X 9.1.0u.6279_B20210910. Affected by this issue is the function Form_Logout of the file /formLogout.htm of the component lighttpd. This manipulation of the argument Host causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.

Metadata

CVE ID
CVE-2026-15701
State
PUBLISHED
Assigner
VulDB
Reserved
2026-07-14 05:27 UTC
Published
2026-07-14 16:30 UTC
Last updated
2026-07-14 16:30 UTC
Primary CWE
CWE-121
Stack-based Buffer Overflow
Vendor / Product
Totolink / NR1800X
Sources
cve.org  ·  NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
Affected products (1)
VendorProductPlatformVersions
Totolink NR1800X 9.1.0u.6279_B20210910
Weakness (CWE)
CWESourceDescription
CWE-119 cna Memory Corruption
CWE-121 cna Stack-based Buffer Overflow
CVSS scores (4)
ScoreSeverityVersionSourceVector
10.0 N/D 2.0 cna AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR
9.8 CRITICAL 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
9.8 CRITICAL 3.0 cna CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
9.3 CRITICAL 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
References (6)
Back to overview