A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The impacted element is the function is_cmd_string_valid of the file /boafrm/formWsc of the com…

A buffer overflow vulnerability (CVE-2026-7218) has been discovered in Totolink N300RT router version 3.4.0-B20250430. The vulnerability exists in the is_cmd_string_valid function within the /boafrm/formWsc file of the libapmib.so component. Attackers can exploit this by manipulating the localPin argument, resulting in a buffer overflow condition. The vulnerability can be exploited remotely, making it particularly dangerous. A public exploit is now available, increasing the risk of active exploitation. The affected router model is commonly used in home and small business environments.