CVE-2026-1686
Remote Buffer Overflow in Totolink A3600R app.so Module
Publication date: 2026-01-30
Last updated on: 2026-02-10
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| totolink | a3600r_firmware | 5.9c.4959 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a buffer overflow in the Totolink A3600R router firmware version 5.9c.4959. It occurs in the function setAppEasyWizardConfig within the /lib/cste_modules/app.so library. Specifically, the argument apcliSsid is not properly validated for length, allowing an attacker to send an overly long input that overflows the buffer. This flaw can be exploited remotely without physical or local access, potentially leading to arbitrary code execution or denial of service on the device. [1, 2]
How can this vulnerability impact me? :
Exploitation of this vulnerability can compromise the confidentiality, integrity, and availability of the affected Totolink A3600R router. An attacker can remotely execute arbitrary code or cause denial of service, potentially taking control of the device or disrupting its normal operation. This can lead to unauthorized access to network resources, interruption of network services, and further attacks on connected systems. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can involve monitoring for unusual or malformed requests targeting the setAppEasyWizardConfig function, specifically those manipulating the apcliSsid parameter with overly long input strings that could trigger the buffer overflow. Since a public proof-of-concept exploit is available, network intrusion detection systems (NIDS) can be configured to look for exploit signatures related to this vulnerability. However, no specific detection commands are provided in the resources. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected Totolink A3600R device running firmware version 5.9c.4959 with an alternative product, as no known countermeasures or patches currently exist. Additionally, restricting remote access to the device and monitoring for exploit attempts can help reduce risk until a fix is available. [2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows remote attackers to compromise the confidentiality, integrity, and availability of the affected device, which could lead to unauthorized access or data breaches. Such security failures can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system integrity. However, no specific compliance impact details are provided in the resources. [2]