Primary

Context

Totolink LR350 Buffer Overflow Vulnerability in setWiFiEasyGuestCfg Function

Vulnerability

A buffer overflow vulnerability has been identified in the Totolink LR350 router running firmware version 9.3.5u.6369_B20220309. The issue arises in the function setWiFiEasyGuestCfg within the file /cgi-bin/cstecgi.cgi. The vulnerability can be exploited remotely by manipulating the ssid argument, leading to a buffer overflow condition.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can commonly lead to arbitrary code execution or causing a crash, but the specific consequences in this case are not detailed.

Reproduction

To reproduce this vulnerability, send a request to the setWiFiEasyGuestCfg function in the /cgi-bin/cstecgi.cgi file, including a crafted ssid argument that exceeds the buffer size limitations. The input should be designed to overwrite adjacent memory on the stack, which can be achieved by including more data than the buffer can safely hold.

Added: Jan 19, 2026, 1:20 PM

Updated: Jan 19, 2026, 1:20 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

10.0

exploitability

8.7

remediation

0.0

relevance

2.1

threat

6.4

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

10.0

exploitability

8.7

remediation

0.0

relevance

2.1

threat

6.4

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Totolink LR350 Buffer Overflow Vulnerability in setWiFiEasyGuestCfg Function

Vulnerability

Impact

Reproduction

Affected Products

Totolink LR350

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating