https://feed.craftedsignal.io/tags/cve-2026-4976/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioFri, 27 Mar 2026 21:17:28 +0000https://feed.craftedsignal.io/briefs/2026-03-totolink-buffer-overflow/Fri, 27 Mar 2026 21:17:28 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-totolink-buffer-overflow/A buffer overflow vulnerability in Totolink LR350 version 9.3.5u.6369_B20220309 allows a remote attacker to execute arbitrary code by manipulating the 'ssid' argument in the setWiFiGuestCfg function.A critical buffer overflow vulnerability, CVE-2026-4976, has been identified in Totolink LR350 routers running firmware version 9.3.5u.6369_B20220309. The vulnerability resides in the setWiFiGuestCfg function within the /cgi-bin/cstecgi.cgi file. By crafting a malicious HTTP request and manipulating the ssid argument, a remote, unauthenticated attacker can trigger a buffer overflow, potentially leading to arbitrary code execution on the device. The availability of a public exploit…

]]>criticaladvisorycve-2026-4976buffer-overflowtotolinkrouterremote-code-execution