SYS::ONLINE
Wasteland.
Briefs1204
Issues19
SinceFeb 2026
LIVE
⚡ Active KEV CVE-2026-15701 2026-07-14

CVE-2026-15701: Critical Remote Buffer Overflow in Totolink NR1800X Routers

"A publicly exploitable stack-based buffer overflow in the lighttpd component of Totolink's NR1800X router lets unauthenticated attackers trigger the flaw remotely, earning a CVSS 3.1 score of 9.8 (Critical)."

A publicly exploitable stack-based buffer overflow in the lighttpd component of Totolink's NR1800X router lets unauthenticated attackers trigger the flaw remotely, earning a CVSS 3.1 score of 9.8 (Critical).

What Is It

CVE-2026-15701 is a stack-based buffer overflow (CWE-121 / CWE-119) in the Totolink NR1800X router running firmware version 9.1.0u.6279_B20210910. The weakness resides in the Form_Logout function of the file /formLogout.htm, part of the device's lighttpd web component. Manipulating the Host argument overflows the stack buffer. The attack can be carried out remotely and requires no authentication or user interaction. According to the record, a working exploit has been made public and could be used for attacks.

Why It Matters

The vulnerability carries a CVSS 3.1 base score of 9.8 (Critical), with high impact to confidentiality, integrity, and availability. Because the attack vector is network-based, complexity is low, and no privileges or user interaction are required, exploitation is straightforward for a remote attacker. The public availability of a proof-of-concept exploit (CVSS 4.0 exploit maturity: Proof-of-Concept) meaningfully raises the risk of opportunistic attacks against exposed devices.

What's Vulnerable

Patch Status

The supplied source material does not include a CISA KEV entry, so there is no KEV-confirmed active exploitation or federally mandated remediation deadline for this CVE. The VulDB record lists a status of "Deferred" and does not specify a vendor patch or fixed firmware version. No specific remediation guidance is provided in the source data beyond the vendor's website.

Sources