CVE-2026-1143 - Vulnerability Details

- TOTOLINK A3700R cstecgi.cgi setWiFiEasyGuestCfg buffer overflow

Description

A weakness has been identified in TOTOLINK A3700R 9.1.2u.5822_B20200513. This affects the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument ssid can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.

Published: 2026-01-19

Score: 8.7 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A buffer overflow exists in the setWiFiEasyGuestCfg subroutine of the /cgi-bin/cstecgi.cgi CGI script on TOTOLINK A3700R routers. Overly long ssid values can overwrite adjacent stack memory, potentially corrupting control flow or causing a crash. The official description notes that an attacker could exploit this flaw remotely, and that exploit code is publicly available, indicating that successful exploitation would likely lead to arbitrary code execution or denial of service on the device.

Affected Systems

The vulnerability is limited to TOTOLINK A3700R firmware revision 9.1.2u.5822_B20200513. No other firmware versions are listed in the provided data. The vulnerability is specifically tied to the cstecgi.cgi entry point that handles guest Wi‑Fi configuration.

Risk and Exploitability

The CVSS base score of 8.7 classifies this flaw as high severity. The EPSS score of less than 1% suggests that, as of now, actual exploitation is unlikely but not impossible; the flaw is not present in the CISA KEV catalog. Based on the description, it is inferred that the attacker may reach the ssid parameter without authentication, although this is not explicitly confirmed. Public exploit code being available increases the risk that attackers will attempt to abuse the vulnerability.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

TOTOLINK

A3700R

affected

Version	Status	Constraints
`9.1.2u.5822_B20200513`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:totolink:a3700r_firmware:9.1.2u.5822_b20200513:*:*:*:*:*:*:*

cpe:2.3:h:totolink:a3700r:-:*:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
Totolink	A3700r	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Obtain and install the latest firmware that resolves the unsafe argument validation in setWiFiEasyGuestCfg on the router’s web interface.
If a patch is not immediately available, disable the Wi‑Fi Easy Guest feature or the corresponding CGI endpoint to eliminate the attack surface.
Restrict remote access to the router’s web interface by enabling a VPN, changing default admin credentials, or limiting the device to a local network.
Monitor for anomalous traffic or crashes that could indicate exploitation attempts.

Generated by OpenCVE AI on April 18, 2026 at 19:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00163.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
https://lavender-bicycle-a5a.notion.site/TOTOLINK-A3700R-setWiFiEasyGuestCfg-2e353a41781f8057a244ead07d5eaaff?source=copy_link
https://vuldb.com/?ctiid.341735
https://vuldb.com/?id.341735
https://vuldb.com/?submit.735502
https://www.totolink.net/

History

Mon, 23 Feb 2026 08:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:o:totolink:a3700r_firmware::::::::

Thu, 29 Jan 2026 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Totolink a3700r Firmware
CPEs		cpe:2.3:h:totolink:a3700r:-:::::::* cpe:2.3:o:totolink:a3700r_firmware:9.1.2u.5822_b20200513:::::::*
Vendors & Products		Totolink a3700r Firmware

Tue, 20 Jan 2026 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 20 Jan 2026 08:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Totolink Totolink a3700r
Vendors & Products		Totolink Totolink a3700r

Mon, 19 Jan 2026 07:15:00 +0000

Type	Values Removed	Values Added
Description		A weakness has been identified in TOTOLINK A3700R 9.1.2u.5822_B20200513. This affects the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument ssid can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
Title		TOTOLINK A3700R cstecgi.cgi setWiFiEasyGuestCfg buffer overflow
Weaknesses		CWE-119 CWE-120
References		https://lavender-bicycle-a5a.notion.site/TOTOLINK-A3700R-setWiFiEasyGuestCfg-2e353a41781f8057a244ead07d5eaaff?source=copy_link https://vuldb.com/?ctiid.341735 https://vuldb.com/?id.341735 https://vuldb.com/?submit.735502 https://www.totolink.net/
Metrics		cvssV2_0 `{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Totolink A3700r A3700r Firmware

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-01-19T07:02:08.102Z

Updated: 2026-02-23T08:43:26.629Z

Reserved: 2026-01-18T07:39:45.267Z

Link: CVE-2026-1143

Vulnrichment

Updated: 2026-01-20T15:22:28.027Z

NVD

Status : Analyzed

Published: 2026-01-19T07:16:22.667

Modified: 2026-01-29T18:31:16.543

Link: CVE-2026-1143

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T20:00:09Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation poc

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object