CVE-2026-1157 – A buffer overflow vulnerability in the Totolink... (How to Fix)

Q: What is the severity of CVE-2026-1157?

CVE-2026-1157 has a CVSS score of 8.8 (HIGH). A buffer overflow vulnerability in the Totolink LR350 router's WiFi configuration function allows remote attackers to execute arbitrary code. This affects users of Totolink LR350 routers with vulnerable firmware. Attackers can exploit this without authentication to potentially take full control of the device.

📋 TL;DR

A buffer overflow vulnerability in the Totolink LR350 router's WiFi configuration function allows remote attackers to execute arbitrary code. This affects users of Totolink LR350 routers with vulnerable firmware. Attackers can exploit this without authentication to potentially take full control of the device.

💻 Affected Systems

Products:

Totolink LR350

Versions: 9.3.5u.6369_B20220309

Operating Systems: Embedded Linux (router firmware)

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running this specific firmware version are vulnerable. The vulnerable endpoint is accessible via web interface.

📦 What is this software?

Lr350 Firmware by Totolink

View all CVEs affecting Lr350 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, credential theft, network pivoting, and persistent backdoor installation.

🟠

Likely Case

Router takeover enabling traffic interception, DNS manipulation, and use as a botnet node.

🟢

If Mitigated

Denial of service or limited information disclosure if exploit fails to achieve code execution.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and the exploit is publicly available.

🏢 Internal Only: MEDIUM - Internal attackers could exploit this, but internet-facing exposure is more dangerous.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit details are available in the provided reference. The attack requires sending specially crafted requests to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.totolink.net/

Restart Required: Yes

Instructions:

1. Check Totolink website for firmware updates. 2. Download latest firmware. 3. Access router admin interface. 4. Navigate to firmware upgrade section. 5. Upload and apply new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to router administration interface

Network segmentation

all

Isolate router management interface to trusted network segment only

🧯 If You Can't Patch

Replace affected router with different model or vendor
Implement strict firewall rules blocking access to port 80/443 on the router from untrusted networks

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version is 9.3.5u.6369_B20220309, device is vulnerable.

Check Version:

Login to router web interface and check System Status or Firmware Information page.

Verify Fix Applied:

Verify firmware version has changed from vulnerable version after update.

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /cgi-bin/cstecgi.cgi with setWiFiEasyCfg function
Large payloads in ssid parameter
Multiple failed authentication attempts followed by exploitation attempts

Network Indicators:

Unusual traffic patterns to router management interface
Suspicious payloads in HTTP requests to router

SIEM Query:

source="router_logs" AND (uri="/cgi-bin/cstecgi.cgi" AND params CONTAINS "setWiFiEasyCfg")

📊 Metadata

CVE ID: CVE-2026-1157

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.14% exploit probability (34.2th percentile)

Published: January 19, 2026

Last Updated: January 29, 2026

🔗 References

https://lavender-bicycle-a5a.notion.site/TOTOLINK-LR350-setWiFiEasyCfg-2e453a41781f80b7b53cef33c6a782aa?source=copy_link Exploit,Third Party Advisory
https://vuldb.com/?ctiid.341751 Permissions Required,VDB Entry
https://vuldb.com/?id.341751 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.735726 Third Party Advisory,VDB Entry
https://www.totolink.net/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-1157, you might also want to check these: