Unrated severityNVD Advisory· Published Jan 19, 2026· Updated Feb 23, 2026

Totolink LR350 POST Request cstecgi.cgi setWizardCfg buffer overflow

CVE-2026-1158

Description

A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.

Affected products

Totolink/Lr350 Firmwarev5
cpe:2.3:o:totolink:lr350_firmware:*:*:*:*:*:*:*:*
Range: 9.3.5u.6369_B20220309

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lavender-bicycle-a5a.notion.site/TOTOLINK-LR350-setWizardCfg-2e453a41781f80ce89cfc1d25049e279mitreexploit
vuldb.commitrethird-party-advisory
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entrytechnical-description
www.totolink.netmitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000