| 제목 | Totolink N300RHv4 V6.1c.1353_B20190305 stack-based buffer overflow |
|---|
| 설명 | A pre-authentication stack-based buffer overflow vulnerability exists in the setWiFiBasicConfig functionality (via the KeyStr parameter in wireless.so) exposed through the web management interface (/cgi-bin/cstecgi.cgi) of the TOTOLINK N300RH router.
The vulnerability is located in the `setWiFiBasicConfig` handler within `wireless.so`. The web management interface receives the user-controlled `KeyStr` parameter (Wi-Fi key/password string) and copies it into a fixed-size local stack buffer without proper length validation or bounds checking.
This endpoint can be reached remotely without authentication and does not require user interaction.
The root cause is the lack of bounds checking when the input is spliced into a local variable under specific conditions (`AuthMode=OPEN`, `KeyType=1`, etc.), leading to a classic stack-based buffer overflow. |
|---|
| 원천 | ⚠️ https://wx.mail.qq.com/s?k=iXbjuHnfMwoD0oWW3v |
|---|
| 사용자 | luotuo (UID 97973) |
|---|
| 제출 | 2026. 05. 06. AM 07:37 (30 날 ago) |
|---|
| 모더레이션 | 2026. 05. 30. PM 06:41 (24 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 367468 [Totolink N300RH 6.1c.1353_B20190305 Web Management Interface wireless.so setWiFiBasicConfig KeyStr 메모리 손상] |
|---|
| 포인트들 | 17 |
|---|