| 标题 | Totolink N300RHv4 V6.1c.1353_B20190305 stack-based buffer overflow |
|---|
| 描述 | A pre-authentication stack-based buffer overflow vulnerability exists in the setWiFiBasicConfig functionality (via the KeyStr parameter in wireless.so) exposed through the web management interface (/cgi-bin/cstecgi.cgi) of the TOTOLINK N300RH router.
The vulnerability is located in the `setWiFiBasicConfig` handler within `wireless.so`. The web management interface receives the user-controlled `KeyStr` parameter (Wi-Fi key/password string) and copies it into a fixed-size local stack buffer without proper length validation or bounds checking.
This endpoint can be reached remotely without authentication and does not require user interaction.
The root cause is the lack of bounds checking when the input is spliced into a local variable under specific conditions (`AuthMode=OPEN`, `KeyType=1`, etc.), leading to a classic stack-based buffer overflow. |
|---|
| 来源 | ⚠️ https://wx.mail.qq.com/s?k=iXbjuHnfMwoD0oWW3v |
|---|
| 用户 | luotuo (UID 97973) |
|---|
| 提交 | 2026-05-06 07時37分 (1 月前) |
|---|
| 管理 | 2026-05-30 18時41分 (24 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 367468 [Totolink N300RH 6.1c.1353_B20190305 Web Management Interface wireless.so setWiFiBasicConfig KeyStr 内存损坏] |
|---|
| 积分 | 17 |
|---|