CVE-2026-15701

Totolink · NR1800X

The Totolink NR1800X router contains a stack-based buffer overflow vulnerability in the lighttpd component, allowing for remote code execution.

Executive summary

A stack-based buffer overflow vulnerability in the Totolink NR1800X router allows remote, unauthenticated attackers to cause memory corruption and potentially execute arbitrary code.

Vulnerability

This vulnerability affects the Form_Logout function within the lighttpd component. By manipulating the Host argument, an attacker can trigger a stack-based buffer overflow, which is a form of memory corruption that may lead to remote code execution.

Business impact

This vulnerability impacts network infrastructure, potentially allowing attackers to gain control over the router, intercept traffic, or pivot into the internal network. With a high CVSS score, this represents a severe risk to network security and perimeter integrity.

Remediation

Immediate Action: Check the official Totolink support website for firmware updates addressing this vulnerability, and apply them as soon as they become available.

Proactive Monitoring: Monitor network traffic for unusual patterns or attempts to communicate with administrative interfaces on the router from external sources.

Compensating Controls: Disable remote management of the router from the WAN interface and ensure the device is segmented from sensitive internal resources where possible.

Exploitation status

Public Exploit Available: Yes, a public exploit is available via the GitHub repository linked in the referenced vulnerability database.

Analyst recommendation

The availability of a public exploit makes this vulnerability highly dangerous. Users should immediately restrict external access to the device and prioritize applying firmware updates to mitigate the risk of remote compromise.