Unrated

Stack-based Buffer Overflow in Totolink EX1200L cgi-bin/cstecgi.cgi Login Functionality

IdentifiersCVE-2026-44089CWE-121

CVE-2026-44089 is a stack-based buffer overflow vulnerability affecting the Totolink EX1200L router. The flaw is present in the login functionality exposed through the cgi-bin/cstecgi.cgi endpoint. The vulnerability has been confirmed in firmware version 9.3.5u.6146_B20201023; other versions may also be affected, but that has not been confirmed. Successful exploitation can crash the vulnerable process and may enable remote code execution on the device. The available reporting indicates exploitation can be performed without authentication and can result in code execution with root privileges on the router.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation may allow an unauthenticated remote attacker to trigger a crash of the affected program or achieve remote code execution as root. With root-level execution, an attacker could read and modify data on the router, alter device behavior or configuration, and render the device unusable, including bricking it. The confidentiality, integrity, and availability impacts are all high based on the provided reporting.

Mitigation

If you can’t patch tonight, do this now.

Until a vendor patch is available, restrict or eliminate network exposure to the router management interface and specifically the vulnerable cgi-bin/cstecgi.cgi login functionality. Limit administrative access to trusted management networks only, disable remote administration if not required, place the device behind upstream access controls, and consider replacing the device if exposure cannot be adequately reduced. The supplied content also recommends avoiding use of the vulnerable login functionality where possible and contacting the vendor for patch information.

Remediation

Patch, then assume compromise.

Upgrade the Totolink EX1200L to a vendor-provided fixed firmware version once available. The vulnerability is confirmed in firmware 9.3.5u.6146_B20201023, and the provided content indicates vendor contact attempts were unsuccessful at the time of disclosure, so a specific patched version is not currently available in the supplied material. Organizations should monitor Totolink for security advisories and firmware releases, and replace affected devices if no fix is made available.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

ACTIVITY FEED

Recent activity

6 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

6 SOURCESView more in app

malware newsNews

Jun 23, 2026

Vulnerability in Totolink EX1200L router software - Malware News - Malware Analysis, News and Indicators

A stack-based buffer overflow vulnerability affecting Totolink EX1200L router software.

cvefeed high severityNews

Jun 23, 2026

CVE-2026-44089 - Buffer Overflow in Totolink EX1200L router

A critical buffer overflow vulnerability in the Totolink EX1200L router login functionality that can lead to remote code execution with root privileges.

cert polskaNews

Jun 1, 2026

Vulnerability in Totolink EX1200L router software | CERT Polska

A stack-based buffer overflow in the login functionality of the Totolink EX1200L router's cgi-bin/cstecgi.cgi endpoint that may allow unauthenticated remote code execution as root.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity3

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2026-44089

NVD

nvd.nist.gov/vuln/detail/CVE-2026-44089

MITRE CWE · CWE-121

cwe.mitre.org