| タイトル | Totolink N300RHv4 V6.1c.1353_B20190305 stack-based buffer overflow |
|---|
| 説明 | A pre-authentication stack-based buffer overflow vulnerability exists in the setWiFiBasicConfig functionality (via the KeyStr parameter in wireless.so) exposed through the web management interface (/cgi-bin/cstecgi.cgi) of the TOTOLINK N300RH router.
The vulnerability is located in the `setWiFiBasicConfig` handler within `wireless.so`. The web management interface receives the user-controlled `KeyStr` parameter (Wi-Fi key/password string) and copies it into a fixed-size local stack buffer without proper length validation or bounds checking.
This endpoint can be reached remotely without authentication and does not require user interaction.
The root cause is the lack of bounds checking when the input is spliced into a local variable under specific conditions (`AuthMode=OPEN`, `KeyType=1`, etc.), leading to a classic stack-based buffer overflow. |
|---|
| ソース | ⚠️ https://wx.mail.qq.com/s?k=iXbjuHnfMwoD0oWW3v |
|---|
| ユーザー | luotuo (UID 97973) |
|---|
| 送信 | 2026年05月06日 07:37 (1 月 ago) |
|---|
| モデレーション | 2026年05月30日 18:41 (24 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 367468 [Totolink N300RH 6.1c.1353_B20190305 Web Management Interface wireless.so setWiFiBasicConfig KeyStr メモリ破損] |
|---|
| ポイント | 17 |
|---|