| शीर्षक | Totolink N300RHv4 V6.1c.1353_B20190305 stack-based buffer overflow |
|---|
| विवरण | A pre-authentication stack-based buffer overflow vulnerability exists in the setWiFiBasicConfig functionality (via the KeyStr parameter in wireless.so) exposed through the web management interface (/cgi-bin/cstecgi.cgi) of the TOTOLINK N300RH router.
The vulnerability is located in the `setWiFiBasicConfig` handler within `wireless.so`. The web management interface receives the user-controlled `KeyStr` parameter (Wi-Fi key/password string) and copies it into a fixed-size local stack buffer without proper length validation or bounds checking.
This endpoint can be reached remotely without authentication and does not require user interaction.
The root cause is the lack of bounds checking when the input is spliced into a local variable under specific conditions (`AuthMode=OPEN`, `KeyType=1`, etc.), leading to a classic stack-based buffer overflow. |
|---|
| स्रोत | ⚠️ https://wx.mail.qq.com/s?k=iXbjuHnfMwoD0oWW3v |
|---|
| उपयोगकर्ता | luotuo (UID 97973) |
|---|
| सबमिशन | 06/05/2026 07:37 AM (1 महीना पहले) |
|---|
| संयम | 30/05/2026 06:41 PM (24 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 367468 [Totolink N300RH 6.1c.1353_B20190305 Web Management Interface wireless.so setWiFiBasicConfig KeyStr बफ़र ओवरफ़्लो] |
|---|
| अंक | 17 |
|---|