Description
A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
Problem types
Product status
Timeline
| 2026-01-18: | Advisory disclosed |
| 2026-01-18: | VulDB entry created |
| 2026-01-20: | VulDB entry last update |
Credits
yhryhryhr_tu (VulDB User)
References
vuldb.com/?id.341752 (VDB-341752 | Totolink LR350 POST Request cstecgi.cgi setWizardCfg buffer overflow)
vuldb.com/?ctiid.341752 (VDB-341752 | CTI Indicators (IOB, IOC, IOA))
vuldb.com/?submit.735728 (Submit #735728 | TOTOLINK LR350 LR350 V9.3.5u.6369_B20220309 Buffer Overflow)
lavender-bicycle-a5a.notion.site/...049e279?source=copy_link
www.totolink.net/