Primary

Context

TOTOLINK N600R Buffer Overflow Vulnerability in HTTP Request Handler

Vulnerability

A buffer overflow vulnerability has been identified in the TOTOLINK N600R wireless router, affecting firmware versions through 4.3.0cu.7866_B20220506. The vulnerability resides in the HTTP request handler, specifically within the setWiFiBasicConfig function of the cstecgi.cgi file. When the wepkey parameter is supplied with excessive data, a buffer overflow occurs, potentially allowing remote attackers to execute arbitrary code or cause a denial-of-service condition.

Impact

Exploitation of this vulnerability leads to a buffer overflow, which can commonly result in arbitrary code execution or causing a denial-of-service condition on the device.

Reproduction

The vulnerability can be reproduced by sending an HTTP request to the router's cgi-bin endpoint with a crafted wepkey parameter that exceeds the buffer size. This can be done using a proof-of-concept script that automates the process, as detailed in the vulnerability's GitHub advisory.

Added: Oct 8, 2025, 8:18 AM

Updated: Oct 8, 2025, 2:28 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

6.2

remediation

0.0

relevance

0.7

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

6.2

remediation

0.0

relevance

0.7

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TOTOLINK N600R Buffer Overflow Vulnerability in HTTP Request Handler

Vulnerability

Impact

Reproduction

Affected Products

TOTOLINK N600R

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating