Unrated severityNVD Advisory· Published Jan 19, 2026· Updated Feb 23, 2026

TOTOLINK A3700R cstecgi.cgi setWiFiEasyGuestCfg buffer overflow

CVE-2026-1143

Description

A weakness has been identified in TOTOLINK A3700R 9.1.2u.5822_B20200513. This affects the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument ssid can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.

Affected products

TOTOLINK/A3700Rv5
cpe:2.3:o:totolink:a3700r_firmware:*:*:*:*:*:*:*:*
Range: 9.1.2u.5822_B20200513
Totolink/A3700Rllm-create
Range: = 9.1.2u.5822_B20200513

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lavender-bicycle-a5a.notion.site/TOTOLINK-A3700R-setWiFiEasyGuestCfg-2e353a41781f8057a244ead07d5eaaffmitreexploit
vuldb.commitrethird-party-advisory
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entrytechnical-description
www.totolink.netmitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000