| عنوان | Totolink N300RHv4 V6.1c.1353_B20190305 stack-based buffer overflow |
|---|
| الوصف | A pre-authentication stack-based buffer overflow vulnerability exists in the setWiFiBasicConfig functionality (via the KeyStr parameter in wireless.so) exposed through the web management interface (/cgi-bin/cstecgi.cgi) of the TOTOLINK N300RH router.
The vulnerability is located in the `setWiFiBasicConfig` handler within `wireless.so`. The web management interface receives the user-controlled `KeyStr` parameter (Wi-Fi key/password string) and copies it into a fixed-size local stack buffer without proper length validation or bounds checking.
This endpoint can be reached remotely without authentication and does not require user interaction.
The root cause is the lack of bounds checking when the input is spliced into a local variable under specific conditions (`AuthMode=OPEN`, `KeyType=1`, etc.), leading to a classic stack-based buffer overflow. |
|---|
| المصدر | ⚠️ https://wx.mail.qq.com/s?k=iXbjuHnfMwoD0oWW3v |
|---|
| المستخدم | luotuo (UID 97973) |
|---|
| ارسال | 06/05/2026 07:37 AM (29 أيام منذ) |
|---|
| الاعتدال | 30/05/2026 06:41 PM (24 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 367468 [Totolink N300RH 6.1c.1353_B20190305 Web Management Interface wireless.so setWiFiBasicConfig KeyStr تلف الذاكرة] |
|---|
| النقاط | 17 |
|---|