CVE 8.7 HIGH

Totolink LR350 cstecgi.cgi setWiFiEasyCfg buffer overflow_CVE-2026-1157

January 19, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This affects the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ssid leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

AI Analysis

Buffer overflow vulnerability in Totolink LR350 via the setWiFiEasyCfg function in the cstecgi.cgi file, allowing remote attacks.

Basic Information

ID CVE-2026-1157

Source VulDB

Published Jan 19, 2026 at 14:02

Affected Product

Vendor Totolink

Product LR350

Version 9.3.5u.6369_B20220309

Affected Versions Totolink LR350 9.3.5u.6369_B20220309

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Totolink

Product LR350

Version 9.3.5u.6369_B20220309

References

{
    "lastseen": "",
    "description": "A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This affects the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ssid leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used.",
    "published": "2026-01-19T14:02:10.111Z",
    "modified": "2026-01-19T14:02:10.111Z",
    "type": "cve",
    "title": "Totolink LR350 cstecgi.cgi setWiFiEasyCfg buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.341751\nhttps://vuldb.com/?ctiid.341751\nhttps://vuldb.com/?submit.735726\nhttps://lavender-bicycle-a5a.notion.site/TOTOLINK-LR350-setWiFiEasyCfg-2e453a41781f80b7b53cef33c6a782aa?source=copy_link\nhttps://www.totolink.net/",
    "id": "CVE-2026-1157",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Totolink LR350 9.3.5u.6369_B20220309",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "LR350",
    "version": "9.3.5u.6369_B20220309",
    "vendor": "Totolink",
    "ai_description": "Buffer overflow vulnerability in Totolink LR350 via the setWiFiEasyCfg function in the cstecgi.cgi file, allowing remote attacks.",
    "ai_severity": "High",
    "ai_vendor": "Totolink",
    "ai_product": "LR350",
    "ai_version": "9.3.5u.6369_B20220309",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply