CVE 8.7 HIGH

TOTOLINK A3700R cstecgi.cgi setWiFiEasyGuestCfg buffer overflow_CVE-2026-1143

January 19, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in TOTOLINK A3700R 9.1.2u.5822_B20200513. This affects the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument ssid can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.

AI Analysis

Buffer overflow vulnerability in TOTOLINK A3700R via the setWiFiEasyGuestCfg function in the /cgi-bin/cstecgi.cgi file, allowing remote attacks.

Basic Information

ID CVE-2026-1143

Source VulDB

Published Jan 19, 2026 at 07:02

Affected Product

Vendor TOTOLINK

Product A3700R

Version 9.1.2u.5822_B20200513

Affected Versions TOTOLINK A3700R 9.1.2u.5822_B20200513

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor TOTOLINK

Product A3700R

Version 9.1.2u.5822_B20200513

References

{
    "lastseen": "",
    "description": "A weakness has been identified in TOTOLINK A3700R 9.1.2u.5822_B20200513. This affects the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument ssid can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.",
    "published": "2026-01-19T07:02:08.102Z",
    "modified": "2026-01-19T07:02:08.102Z",
    "type": "cve",
    "title": "TOTOLINK A3700R cstecgi.cgi setWiFiEasyGuestCfg buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.341735\nhttps://vuldb.com/?ctiid.341735\nhttps://vuldb.com/?submit.735502\nhttps://lavender-bicycle-a5a.notion.site/TOTOLINK-A3700R-setWiFiEasyGuestCfg-2e353a41781f8057a244ead07d5eaaff?source=copy_link\nhttps://www.totolink.net/",
    "id": "CVE-2026-1143",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "TOTOLINK A3700R 9.1.2u.5822_B20200513",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "A3700R",
    "version": "9.1.2u.5822_B20200513",
    "vendor": "TOTOLINK",
    "ai_description": "Buffer overflow vulnerability in TOTOLINK A3700R via the setWiFiEasyGuestCfg function in the /cgi-bin/cstecgi.cgi file, allowing remote attacks.",
    "ai_severity": "High",
    "ai_vendor": "TOTOLINK",
    "ai_product": "A3700R",
    "ai_version": "9.1.2u.5822_B20200513",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply