Description
A weakness has been identified in Totolink NR1800X 9.1.0u.6279_B20210910. Affected by this issue is the function Form_Logout of the file /formLogout.htm of the component lighttpd. This manipulation of the argument Host causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.
Problem types
Product status
Timeline
| 2026-07-14: | Advisory disclosed |
| 2026-07-14: | VulDB entry created |
| 2026-07-14: | VulDB entry last update |
Credits
fuguang (VulDB User)
References
vuldb.com/vuln/378248 (VDB-378248 | Totolink NR1800X lighttpd formLogout.htm Form_Logout stack-based overflow)
vuldb.com/vuln/378248/cti (VDB-378248 | CTI Indicators (IOB, IOC, IOA))
vuldb.com/cve/CVE-2026-15701 (CVE-2026-15701 | CVE Analysis and Report)
vuldb.com/submit/856136 (Submit #856136 | TOTOLINK TOTOLINK NR1800X V9.1.0u.6279_B20210910 V9.1.0u.6279_B20210910 Buffer Overflow)
github.com/fu9-dotom/cve/issues/1
www.totolink.net/