Totolink LR350 Remote Buffer Overflow Vulnerability (CVE-2026-4976)
A buffer overflow vulnerability in Totolink LR350 version 9.3.5u.6369_B20220309 allows a remote attacker to execute arbitrary code by manipulating the 'ssid' argument in the setWiFiGuestCfg function.
A critical buffer overflow vulnerability, CVE-2026-4976, has been identified in Totolink LR350 routers running firmware version 9.3.5u.6369_B20220309. The vulnerability resides in the setWiFiGuestCfg function within the /cgi-bin/cstecgi.cgi file. By crafting a malicious HTTP request and manipulating the ssid argument, a remote, unauthenticated attacker can trigger a buffer overflow, potentially leading to arbitrary code execution on the device. The availability of a public exploit…
Detection coverage 2
Detect Suspiciously Long SSID Parameter in Totolink CGI Request
highDetects HTTP POST requests to cstecgi.cgi with an abnormally long SSID parameter, indicating a potential buffer overflow attempt in Totolink LR350.
Detect Attempts to Access Totolink Configuration CGI
lowDetects access attempts to the Totolink configuration CGI, which may indicate reconnaissance or exploitation attempts.
Detection queries are kept inside the platform. Get full rules →