CVE-2026-1328
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-01-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| totolink | nr1800x_firmware | 9.1.0u.6279_b20210910 |
| totolink | nr1800x | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-1328 is a critical buffer overflow vulnerability in the Totolink NR1800X router firmware version 9.1.0u.6279_B20210910. It occurs in the setWizardCfg function of the /cgi-bin/cstecgi.cgi file, where the 'ssid' argument from a POST request is not properly checked for size before being processed. This allows an attacker to send a specially crafted input that exceeds the buffer size, causing a buffer overflow. The vulnerability can be exploited remotely without authentication, potentially compromising the device's confidentiality, integrity, and availability. [1, 2]
How can this vulnerability impact me? :
This vulnerability can be exploited remotely to cause a buffer overflow in the affected router, which may lead to unauthorized control over the device, disruption of service, or compromise of sensitive information. It affects the confidentiality, integrity, and availability of the device, making it possible for attackers to execute arbitrary code or cause denial of service. Since the exploit is publicly available and easy to use, the risk of attack is high. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring network traffic for suspicious POST requests to the endpoint /cgi-bin/cstecgi.cgi with the setWizardCfg function, specifically those containing unusually large or malformed 'ssid' parameters that may trigger a buffer overflow. A practical detection method is to capture HTTP POST requests targeting /cgi-bin/cstecgi.cgi and inspect the 'ssid' argument for abnormal length or encoding. For example, using a network packet capture tool like tcpdump or Wireshark, you can filter HTTP POST requests to this endpoint. A sample tcpdump command to capture such traffic might be: tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/cgi-bin/cstecgi.cgi'. Additionally, using curl or similar tools to send test POST requests with large 'ssid' parameters can help verify if the system is vulnerable. However, no specific detection commands are provided in the resources. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected Totolink NR1800X device or firmware version 9.1.0u.6279_B20210910 with an alternative or updated version, as no known countermeasures or patches currently exist. It is recommended to restrict remote access to the device, especially blocking POST requests to /cgi-bin/cstecgi.cgi if possible, to reduce exposure. Monitoring for exploitation attempts and applying network-level protections such as firewall rules to limit access to the vulnerable endpoint can also help mitigate risk until a fix is available. [1]