A stack-based buffer overflow vulnerability (CVE-2026-7546) has been discovered in Totolink NR1800X router firmware version 9.1.0u.6279_B20210910. The vulnerability affects the find_host_ip function within the lighttpd component, where manipulation of the Host argument leads to a buffer overflow condition. This security flaw can be exploited remotely by attackers, making it particularly dangerous for network infrastructure. The exploit code has been publicly disclosed and is available for use, significantly increasing the risk to affected devices. Organizations using this specific Totolink router model should prioritize patching or implementing protective measures immediately.