CVE 8.7 HIGH

Totolink LR350 cstecgi.cgi setWiFiBasicCfg buffer overflow_CVE-2026-1156

January 19, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was determined in Totolink LR350 9.3.5u.6369_B20220309. Affected by this issue is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

AI Analysis

Buffer overflow vulnerability in Totolink LR350 via the setWiFiBasicCfg function in /cgi-bin/cstecgi.cgi, allowing remote attackers to initiate an attack.

Basic Information

ID CVE-2026-1156

Source VulDB

Published Jan 19, 2026 at 13:32

Affected Product

Vendor Totolink

Product LR350

Version 9.3.5u.6369_B20220309

Affected Versions Totolink LR350 9.3.5u.6369_B20220309

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Totolink

Product LR350

Version 9.3.5u.6369_B20220309

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in Totolink LR350 9.3.5u.6369_B20220309. Affected by this issue is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.",
    "published": "2026-01-19T13:32:11.182Z",
    "modified": "2026-01-19T13:32:11.182Z",
    "type": "cve",
    "title": "Totolink LR350 cstecgi.cgi setWiFiBasicCfg buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.341750\nhttps://vuldb.com/?ctiid.341750\nhttps://vuldb.com/?submit.735722\nhttps://lavender-bicycle-a5a.notion.site/TOTOLINK-LR350-setWiFiBasicCfg-2e453a41781f80a2ad43e85bf5d46659?source=copy_link\nhttps://www.totolink.net/",
    "id": "CVE-2026-1156",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Totolink LR350 9.3.5u.6369_B20220309",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "LR350",
    "version": "9.3.5u.6369_B20220309",
    "vendor": "Totolink",
    "ai_description": "Buffer overflow vulnerability in Totolink LR350 via the setWiFiBasicCfg function in /cgi-bin/cstecgi.cgi, allowing remote attackers to initiate an attack.",
    "ai_severity": "High",
    "ai_vendor": "Totolink",
    "ai_product": "LR350",
    "ai_version": "9.3.5u.6369_B20220309",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply