CVE 8.7 HIGH

Totolink LR350 cstecgi.cgi setWiFiEasyGuestCfg buffer overflow_CVE-2026-1155

January 19, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. Affected by this vulnerability is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid results in buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used.

AI Analysis

Buffer overflow vulnerability in Totolink LR350 via the setWiFiEasyGuestCfg function

Basic Information

ID CVE-2026-1155

Source VulDB

Published Jan 19, 2026 at 13:02

Affected Product

Vendor Totolink

Product LR350

Version 9.3.5u.6369_B20220309

Affected Versions Totolink LR350 9.3.5u.6369_B20220309

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Totolink

Product LR350

Version 9.3.5u.6369_B20220309

References

{
    "lastseen": "",
    "description": "A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. Affected by this vulnerability is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid results in buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used.",
    "published": "2026-01-19T13:02:15.880Z",
    "modified": "2026-01-19T13:02:15.880Z",
    "type": "cve",
    "title": "Totolink LR350 cstecgi.cgi setWiFiEasyGuestCfg buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.341749\nhttps://vuldb.com/?ctiid.341749\nhttps://vuldb.com/?submit.735718\nhttps://lavender-bicycle-a5a.notion.site/TOTOLINK-LR350-setWiFiEasyGuestCfg-2e453a41781f8034bae3d1a11066a8fb?source=copy_link\nhttps://www.totolink.net/",
    "id": "CVE-2026-1155",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Totolink LR350 9.3.5u.6369_B20220309",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "LR350",
    "version": "9.3.5u.6369_B20220309",
    "vendor": "Totolink",
    "ai_description": "Buffer overflow vulnerability in Totolink LR350 via the setWiFiEasyGuestCfg function",
    "ai_severity": "High",
    "ai_vendor": "Totolink",
    "ai_product": "LR350",
    "ai_version": "9.3.5u.6369_B20220309",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply