EUVD-2026-21814CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2Tags
Description
A vulnerability was detected in Totolink A800R 4.1.2cu.5137_B20200730. This impacts the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. The manipulation of the argument apcliSsid results in buffer overflow. The attack can be executed remotely. The exploit is now public and may be used.
Analysis
Buffer overflow in Totolink A800R router firmware 4.1.2cu.5137_B20200730 allows authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability resides in the setAppEasyWizardConfig function within /lib/cste_modules/app.so, triggered by malicious input to the apcliSsid parameter. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all Totolik A800R devices and document current firmware versions; restrict administrative access to router management interfaces to trusted networks only. Within 7 days: Contact Totolik support to confirm patch timeline and interim firmware availability; implement network segmentation to isolate router management traffic. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today