CVE-2026-7546
Totolink · NR1800X
A stack-based buffer overflow exists in the Totolink NR1800X lighttpd component, allowing remote attackers to trigger a crash or execute code via the Host header.
Executive summary
A critical stack-based buffer overflow in the Totolink NR1800X router allows remote, unauthenticated attackers to compromise device integrity.
Vulnerability
The vulnerability exists in the find_host_ip function of the lighttpd component. By sending a crafted Host header, an unauthenticated remote attacker can trigger a buffer overflow.
Business impact
This vulnerability carries a CVSS score of 9.8, indicating a critical risk of total system compromise. Successful exploitation allows remote code execution, which could lead to unauthorized access to the local network, interception of traffic, or the use of the device as a pivot point for further lateral movement within the business environment.
Remediation
Immediate Action: Apply the latest firmware update provided by Totolink to address the buffer overflow in the web server component.
Proactive Monitoring: Monitor device traffic for anomalous HTTP headers and inspect system logs for service crashes or unexpected restarts of the lighttpd process.
Compensating Controls: Implement a Web Application Firewall (WAF) or ingress filtering to block requests containing abnormally large or malformed Host headers.
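As an added example (not part of this advisory, and not Totolink's or lighttpd's code), the following Python check implements the kind of ingress filtering described above: it parses a raw HTTP/1.x request and rejects it when the Host header is missing, duplicated, longer than a configured limit, or contains characters outside host[:port] syntax. The 253-character limit and the sample requests are constructed assumptions; the advisory does not state the size of the overflowed buffer, so the limit is a policy value rather than a figure taken from the page.

```python
import re
from dataclasses import dataclass

# Constructed policy value: the advisory gives no buffer size, so we bound the
# Host header at the longest DNS name RFC 1035 permits (253 characters).
MAX_HOST_LEN = 253

# host[:port] grammar: a DNS name (labels of 1-63 chars, letters/digits/hyphen),
# an IPv4 literal (matches as all-digit labels), or a bracketed IPv6 literal,
# optionally followed by a port. A deliberate simplification of RFC 7230 / RFC 3986.
_HOST_RE = re.compile(
    r"^(?:"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"          # first label
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*\.?"  # further labels
    r"|\[[0-9A-Fa-f:.]+\]"                                      # IPv6 literal
    r")(?::[0-9]{1,5})?$"                                       # optional port
)


@dataclass
class Verdict:
    allowed: bool
    reason: str


def parse_headers(raw: bytes) -> list:
    """Return the request's headers as (lowercase-name, value) pairs.

    Only the header block before the first blank line is inspected; the body,
    if any, is ignored. Values are decoded as latin-1 so arbitrary bytes survive
    and can be rejected by the syntax check instead of raising.
    """
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    pairs = []
    for line in lines[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if not sep:
            continue  # malformed header line; ignored here, rejected by stricter parsers
        pairs.append((name.strip().lower().decode("latin-1"),
                      value.strip().decode("latin-1")))
    return pairs


def check_host(raw: bytes) -> Verdict:
    """Decide whether a raw HTTP request's Host header is acceptable to forward."""
    hosts = [v for n, v in parse_headers(raw) if n == "host"]
    if not hosts:
        return Verdict(False, "missing Host header")
    if len(hosts) > 1:
        return Verdict(False, f"multiple Host headers ({len(hosts)})")
    host = hosts[0]
    if len(host) > MAX_HOST_LEN:
        return Verdict(False, f"Host header too long ({len(host)} > {MAX_HOST_LEN})")
    if not _HOST_RE.match(host):
        return Verdict(False, "Host header outside host[:port] syntax")
    return Verdict(True, "ok")


# Constructed sample requests used to exercise the filter.
SAMPLES = {
    "normal":    b"GET / HTTP/1.1\r\nHost: router.lan\r\n\r\n",
    "ipv6_port": b"GET / HTTP/1.1\r\nHost: [::1]:8080\r\n\r\n",
    "oversized": b"GET / HTTP/1.1\r\nHost: " + b"A" * 600 + b"\r\n\r\n",
    "binary":    b"GET / HTTP/1.1\r\nHost: router.lan\x90\x90/../\r\n\r\n",
    "duplicate": b"GET / HTTP/1.1\r\nHost: a.lan\r\nHost: b.lan\r\n\r\n",
    "missing":   b"GET / HTTP/1.1\r\nUser-Agent: x\r\n\r\n",
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        v = check_host(req)
        print(f"{name:10s} allowed={v.allowed!s:5s} {v.reason}")
```

A filter like this belongs in front of the device (reverse proxy, WAF rule, or an ingress ACL), since the vulnerable lighttpd instance itself cannot be trusted to reject the header safely. The same `check_host` logic can be run over captured requests to support the log monitoring recommended above, where a burst of rejected or oversized Host headers is a useful signal to correlate with lighttpd crashes or restarts.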
Exploitation status
Public Exploit Available: Yes
Analyst recommendation
The severity of this vulnerability, combined with the availability of public exploits, poses an imminent risk to network security. Organizations utilizing the affected Totolink hardware must prioritize firmware updates or restrict management interface access to trusted internal segments immediately.