Primary

Context

TOTOLINK N600R Stack Overflow Vulnerability in WiFi Configuration

Vulnerability

Patched

A stack overflow vulnerability has been identified in the TOTOLINK N600R router, specifically in version 4.3.0cu.7866_B20220506. The issue arises in the setWiFiBasicConfig function, where the ssid parameter is improperly handled. This vulnerability allows attackers to craft input that causes a denial-of-service condition by exploiting the buffer overflow.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the device to become unresponsive or unavailable.

Reproduction

The vulnerability can be reproduced by sending an HTTP request to the 'UploadCustomModule/setWiFiBasicConfig' endpoint with a crafted ssid parameter that exceeds 36 characters. This can be done using a script that simulates the HTTP request with the malicious payload.

Added: Oct 22, 2025, 6:35 PM

Updated: Oct 22, 2025, 9:33 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

9.1

remediation

7.7

relevance

0.8

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

9.1

remediation

7.7

relevance

0.8

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TOTOLINK N600R Stack Overflow Vulnerability in WiFi Configuration

Vulnerability

Impact

Reproduction

Affected Products

TOTOLINK N600R

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating