Skip to main content

CVE-2026-31027

| EUVDEUVD-2026-17913 CRITICAL
Classic Buffer Overflow (CWE-120)
2026-04-01 mitre GHSA-v5j6-9mr9-qwhr
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Apr 01, 2026 - 16:00 euvd
EUVD-2026-17913
Analysis Generated
Apr 01, 2026 - 16:00 vuln.today
CVE Published
Apr 01, 2026 - 00:00 nvd
CRITICAL 9.8

DescriptionCVE.org

TOTOlink A3600R v5.9c.4959 contains a buffer overflow vulnerability in the setAppEasyWizardConfig interface of /lib/cste_modules/app.so. The vulnerability occurs because the rootSsid parameter is not properly validated for length, allowing remote attackers to trigger a buffer overflow, potentially leading to arbitrary code execution or denial of service.

AnalysisAI

Buffer overflow in TOTOlink A3600R v5.9c.4959 setAppEasyWizardConfig interface allows remote code execution or denial of service via unvalidated rootSsid parameter in /lib/cste_modules/app.so. The vulnerability affects a Wi-Fi router's configuration endpoint and enables unauthenticated attackers to trigger memory corruption with potential for arbitrary code execution. No CVSS vector or patch status was available at time of analysis.

Technical ContextAI

The vulnerability exists in the setAppEasyWizardConfig interface implemented within app.so, a shared library module responsible for Wi-Fi configuration on TOTOlink A3600R routers. The rootSsid parameter, which typically contains the network Service Set Identifier (SSID), is processed without length validation before being copied into a fixed-size buffer in memory. This classic stack-based buffer overflow in a network-exposed configuration API can corrupt the call stack, potentially overwriting return addresses or other critical data structures. The affected firmware version 5.9c.4959 suggests this is a consumer-grade router device where the shared library module handles system configuration requests.

RemediationAI

Primary remediation requires TOTOlink to release a patched firmware version for the A3600R series that implements proper input validation and length checks for the rootSsid parameter in the setAppEasyWizardConfig interface. Affected users should monitor TOTOlink's official support channels and firmware download page for security updates addressing this buffer overflow. As an interim workaround, restrict network access to the router's configuration interface (typically port 80/443) using firewall rules or network segmentation, limiting exposure to trusted administrative networks only. For organizations operating multiple A3600R units, consider isolating affected devices on a separate management VLAN until patches are available. The GitHub reference (https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/ToTolink/A3600R/rootSsid-setAppEasyWizardConfig.md) documents the vulnerability details and may include additional indicators for detection.

Share

CVE-2026-31027 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy