CVE-2026-1158
Unknown Unknown - Not Provided
Buffer Overflow in Totolink LR350 POST Handler Enables Remote Attack

Publication date: 2026-01-19

Last updated on: 2026-01-19

Assigner: VulDB

Description
A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-19
Last Modified
2026-01-19
Generated
2026-06-16
AI Q&A
2026-01-19
EPSS Evaluated
2026-06-15
NVD
CVE-2026-1158
EUVD
EUVD-2026-3224
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
totolink lr350 9.3.5u.6369_b20220309
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a buffer overflow in the Totolink LR350 router firmware version 9.3.5u.6369_B20220309. It occurs in the setWizardCfg function of the /cgi-bin/cstecgi.cgi file, specifically when handling the 'ssid' parameter in a POST request. Because the input size of the 'ssid' parameter is not properly checked before being copied, a specially crafted POST request can cause memory corruption by overflowing the buffer. This flaw can be exploited remotely without authentication. [1, 2]

Impact Analysis

Exploitation of this vulnerability can lead to compromise of the affected device's confidentiality, integrity, and availability. An attacker can remotely execute a specially crafted POST request to cause memory corruption, potentially allowing them to take control of the device, disrupt its operation, or access sensitive information. Since the exploit is publicly available and requires no authentication, the risk of attack is significant. [2]

Detection Guidance

This vulnerability can be detected by monitoring for POST requests to the endpoint /cgi-bin/cstecgi.cgi containing the ssid parameter with unusually large or malformed values that could trigger a buffer overflow. Network intrusion detection systems (NIDS) can be configured to alert on such suspicious POST requests. Additionally, you can use tools like curl or wget to manually test the endpoint by sending crafted POST requests with oversized ssid parameters to see if the device behaves unexpectedly or crashes. Example command to test the vulnerability: curl -X POST http://<router-ip>/cgi-bin/cstecgi.cgi -d "ssid=$(python3 -c 'print("A"*1000)')" [1, 2]

Mitigation Strategies

Immediate mitigation steps include restricting access to the affected device's management interface from untrusted networks, such as the internet, by using firewall rules or network segmentation. Since no patches or countermeasures are currently available, consider replacing the affected Totolink LR350 router with a secure alternative. Monitoring for exploit attempts and disabling remote management features if possible can also reduce risk. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1158. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart