Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
TOTOlink A3600R v5.9c.4959 contains a buffer overflow vulnerability in the setAppEasyWizardConfig interface of /lib/cste_modules/app.so. The vulnerability occurs because the rootSsid parameter is not properly validated for length, allowing remote attackers to trigger a buffer overflow, potentially leading to arbitrary code execution or denial of service.
AnalysisAI
Buffer overflow in TOTOlink A3600R v5.9c.4959 setAppEasyWizardConfig interface allows remote code execution or denial of service via unvalidated rootSsid parameter in /lib/cste_modules/app.so. The vulnerability affects a Wi-Fi router's configuration endpoint and enables unauthenticated attackers to trigger memory corruption with potential for arbitrary code execution. No CVSS vector or patch status was available at time of analysis.
Technical ContextAI
The vulnerability exists in the setAppEasyWizardConfig interface implemented within app.so, a shared library module responsible for Wi-Fi configuration on TOTOlink A3600R routers. The rootSsid parameter, which typically contains the network Service Set Identifier (SSID), is processed without length validation before being copied into a fixed-size buffer in memory. This classic stack-based buffer overflow in a network-exposed configuration API can corrupt the call stack, potentially overwriting return addresses or other critical data structures. The affected firmware version 5.9c.4959 suggests this is a consumer-grade router device where the shared library module handles system configuration requests.
RemediationAI
Primary remediation requires TOTOlink to release a patched firmware version for the A3600R series that implements proper input validation and length checks for the rootSsid parameter in the setAppEasyWizardConfig interface. Affected users should monitor TOTOlink's official support channels and firmware download page for security updates addressing this buffer overflow. As an interim workaround, restrict network access to the router's configuration interface (typically port 80/443) using firewall rules or network segmentation, limiting exposure to trusted administrative networks only. For organizations operating multiple A3600R units, consider isolating affected devices on a separate management VLAN until patches are available. The GitHub reference (https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/ToTolink/A3600R/rootSsid-setAppEasyWizardConfig.md) documents the vulnerability details and may include additional indicators for detection.
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-17913
GHSA-v5j6-9mr9-qwhr