CVE-2026-6168
Received Received - Intake
Stack-Based Buffer Overflow in TOTOLINK A7000R WiFi Config CGI

Publication date: 2026-04-13

Last updated on: 2026-04-13

Assigner: VulDB

Description
A flaw has been found in TOTOLINK A7000R up to 9.1.0u.6115. The affected element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid5g causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-13
Last Modified
2026-04-13
Generated
2026-06-16
AI Q&A
2026-04-13
EPSS Evaluated
2026-06-15
NVD
CVE-2026-6168
EUVD
EUVD-2026-21893
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
totolink a7000r to 9.1.0u.6115 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the TOTOLINK A7000R router firmware version 9.1.0u.6115 and earlier, specifically in the function setWiFiEasyGuestCfg within the cstecgi.cgi binary file.

The issue arises because the function does not properly validate the length of the ssid5g parameter before processing it. The ssid5g parameter is obtained from the front-end, URL-decoded, and then copied into a fixed-size 128-byte buffer on the stack without boundary checks.

An attacker can exploit this by sending a crafted HTTP POST request with an excessively long ssid5g value, causing a stack-based buffer overflow. This overflow can overwrite adjacent memory on the stack, potentially leading to undefined behavior or remote code execution.

Impact Analysis

The vulnerability allows remote attackers to cause a stack-based buffer overflow by sending a specially crafted HTTP POST request to the router's CGI interface.

This can lead to serious impacts such as remote code execution, denial of service, or unauthorized control over the affected device.

Because the exploit is publicly available, attackers can easily leverage this flaw to compromise the router remotely without user interaction.

Detection Guidance

This vulnerability can be detected by sending a crafted HTTP POST request to the endpoint /cgi-bin/cstecgi.cgi on the TOTOLINK A7000R router. The request should include the parameter ssid5g with an excessively long string value that exceeds the 128-byte buffer size.

A proof-of-concept detection method involves using a command-line tool like curl to send the malicious POST request with content type application/x-www-form-urlencoded and parameters such as key, hssid, wifiOff, wifiOff5g, topicurl set to "setWiFiEasyGuestCfg", and ssid5g filled with a long string of characters.

  • Example curl command to test the vulnerability: curl -X POST http://<router-ip>/cgi-bin/cstecgi.cgi -H "Content-Type: application/x-www-form-urlencoded" -d "key=somekey&hssid=somehssid&wifiOff=0&wifiOff5g=0&topicurl=setWiFiEasyGuestCfg&ssid5g=$(python3 -c 'print("a"*200)')"

If the router is vulnerable, this request may cause abnormal behavior such as a crash or reboot, indicating the presence of the stack-based buffer overflow.

Mitigation Strategies

Immediate mitigation steps include restricting access to the router's web management interface to trusted networks only, such as limiting access to the local network or specific IP addresses.

Avoid exposing the router's CGI interface to the internet to prevent remote exploitation.

Monitor for unusual router behavior such as crashes or reboots that may indicate exploitation attempts.

Check for and apply any available firmware updates from TOTOLINK that address this vulnerability.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6168. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart