A vulnerability, which was classified as critical , was found in Totolink N300RH 3.2.4-B20220812 . Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler . Executing a manipulation of the argument FileName can lead to buffer overflow. This vulnerability is tracked as CVE-2026-7748 . The attack can be launched remotely. Moreover, an exploit is present.