Primary

Context

Totolink LR350 Buffer Overflow Vulnerability in setWiFiBasicCfg Function

Vulnerability

A buffer overflow vulnerability has been identified in the Totolink LR350 router running firmware version 9.3.5u.6369_B20220309. The issue arises in the function setWiFiBasicCfg within the file /cgi-bin/cstecgi.cgi. The vulnerability can be exploited remotely by manipulating the ssid argument, leading to a stack-based buffer overflow.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can potentially be used to execute arbitrary code or cause a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a crafted request to the setWiFiBasicCfg function in the /cgi-bin/cstecgi.cgi file. The request must include a specially manipulated ssid argument that exceeds the expected buffer size, causing a buffer overflow on the stack.

Added: Jan 19, 2026, 2:19 PM

Updated: Jan 19, 2026, 2:19 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

7.6

remediation

0.0

relevance

2.2

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

7.6

remediation

0.0

relevance

2.2

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Totolink LR350 Buffer Overflow Vulnerability in setWiFiBasicCfg Function

Vulnerability

Impact

Reproduction

Affected Products

Totolink LR350

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating