CVE-2026-1157 - Vulnerability Details

- Totolink LR350 cstecgi.cgi setWiFiEasyCfg buffer overflow

Description

A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This affects the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ssid leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

Published: 2026-01-19

Score: 8.7 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A buffer overflow exists in the setWiFiEasyCfg function of /cgi-bin/cstecgi.cgi on Totolink LR350. Manipulating the ssid argument can corrupt memory and potentially allow an attacker to execute arbitrary code on the device, compromising confidentiality, integrity, and availability. The flaw is identified as CWE-119 and CWE-120.

Affected Systems

Totolink LR350 routers running firmware 9.3.5u.6369_B20220309 are affected. No other firmware versions are listed as vulnerable.

Risk and Exploitability

The vulnerability has a CVSS score of 8.7, indicating high severity. EPSS is below 1 %, which suggests a low exploitation probability, but the exploit is publicly available and may already be in use. The flaw is not in the CISA KEV catalog; nevertheless, attackers can reach it remotely through web requests, making the risk significant for devices exposed to the internet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Totolink

LR350

affected

Version	Status	Constraints
`9.3.5u.6369_B20220309`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:totolink:lr350_firmware:9.3.5u.6369_b20220309:*:*:*:*:*:*:*

cpe:2.3:h:totolink:lr350:-:*:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
Totolink	Lr350	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Obtain and install the latest Totolink firmware revision that addresses the setWiFiEasyCfg buffer overflow.
Configure the network firewall or router ACL to block or restrict external access to the /cgi-bin/cstecgi.cgi endpoint.
Monitor router logs for anomalous ssid configuration attempts and quarantine any source IPs initiating repeated or malformed requests.

Generated by OpenCVE AI on April 18, 2026 at 05:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00211.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
https://lavender-bicycle-a5a.notion.site/TOTOLINK-LR350-setWiFiEasyCfg-2e453a41781f80b7b53cef33c6a782aa?source=copy_link
https://vuldb.com/?ctiid.341751
https://vuldb.com/?id.341751
https://vuldb.com/?submit.735726
https://www.totolink.net/

History

Mon, 23 Feb 2026 09:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:o:totolink:lr350_firmware::::::::

Thu, 29 Jan 2026 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Totolink lr350 Firmware
CPEs		cpe:2.3:h:totolink:lr350:-:::::::* cpe:2.3:o:totolink:lr350_firmware:9.3.5u.6369_b20220309:::::::*
Vendors & Products		Totolink lr350 Firmware

Tue, 20 Jan 2026 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 20 Jan 2026 08:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Totolink Totolink lr350
Vendors & Products		Totolink Totolink lr350

Mon, 19 Jan 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This affects the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ssid leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
Title		Totolink LR350 cstecgi.cgi setWiFiEasyCfg buffer overflow
Weaknesses		CWE-119 CWE-120
References		https://lavender-bicycle-a5a.notion.site/TOTOLINK-LR350-setWiFiEasyCfg-2e453a41781f80b7b53cef33c6a782aa?source=copy_link https://vuldb.com/?ctiid.341751 https://vuldb.com/?id.341751 https://vuldb.com/?submit.735726 https://www.totolink.net/
Metrics		cvssV2_0 `{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Totolink Lr350 Lr350 Firmware

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-01-19T14:02:10.111Z

Updated: 2026-02-23T08:46:34.104Z

Reserved: 2026-01-18T20:19:59.156Z

Link: CVE-2026-1157

Vulnrichment

Updated: 2026-01-20T21:32:27.592Z

NVD

Status : Analyzed

Published: 2026-01-19T14:15:50.140

Modified: 2026-01-29T18:36:21.287

Link: CVE-2026-1157

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T05:15:15Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation poc

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object