What is CVE-2026-1155?

A high-severity vulnerability in Totolink LR350 firmware may allow remote exploitation through buffer overflow. Immediate action is required to mitigate risks associated with this vulnerability.

What is the severity of CVE-2026-1155?

CVE-2026-1155 has a severity rating of HIGH with a CVSS base score of 7.4.

CVE-2026-1155 | High Vulnerability in Totolink LR350 Firmware

A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. Affected by this vulnerability is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid results in buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used.

With a CVSS score of 7.4, this vulnerability is classified as high severity. The risk to organizations includes potential unauthorized access and data compromise, making it critical for affected users to take immediate action. Organizations should prioritize patching immediately.

Given that the exploit has been made public, the urgency for defenders to address this vulnerability is heightened. The attack vector is network-based, requiring only low privileges to exploit, which increases the risk profile significantly.

Organizations should ensure they are using the latest firmware versions and consider additional security measures to mitigate the risk until a patch is applied.

Vulnerability Details

The vulnerability allows for a buffer overflow due to improper validation of the ssid parameter in the setWiFiEasyGuestCfg function. This misconfiguration can lead to unauthorized access and potential system compromise.

The CVSS 4.0 score of 7.4 indicates a high severity level, with a significant impact on confidentiality, integrity, and availability. The vulnerability affects the Totolink LR350 firmware version 9.3.5u.6369_B20220309.

Technical Analysis

The root cause of the vulnerability stems from inadequate input validation in the firmware. This allows an attacker to manipulate the ssid argument, leading to buffer overflow, which can result in arbitrary code execution.

The attack vector is network-based, meaning that exploitation can occur remotely without user interaction. The attack complexity is low, requiring only low privileges, which poses a significant risk to organizations running the affected firmware.

The impacts on confidentiality, integrity, and availability are high, making it crucial for organizations to assess their exposure and implement necessary security measures.

Risk & Impact Analysis

Organizations that utilize Totolink LR350 routers face real-world risks due to this vulnerability. The potential for remote exploitation increases the urgency to assess the deployment of this firmware in their environments.

The blast radius of this vulnerability could be significant, as an attacker could gain unauthorized access to sensitive data or disrupt services. Organizations should address this vulnerability as part of their priority patch cycle.

Exploitation Status

Signal	Status
Known Exploit	Yes
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The vulnerability affects the Totolink LR350 firmware version 9.3.5u.6369_B20220309. Organizations running this version should consider immediate action.

Mitigation & Remediation

Organizations should check for firmware updates and apply patches as soon as they are available. If a patch is not available, consider implementing network segmentation to limit exposure and monitor for any suspicious activity.

For critical infrastructures, consider engaging in penetration testing to assess potential vulnerabilities further.

Detection Guidance

Monitor network traffic for unusual patterns, particularly near the affected devices. Log any access attempts to the vulnerable function and investigate anomalies.

AppSecure Threat Intelligence Insight

This vulnerability highlights the importance of secure coding practices and regular firmware updates. It represents a trend where network devices are increasingly targeted due to their widespread deployment.

Security teams should evaluate their exposure to similar vulnerabilities in other devices and prioritize risk assessments. For further insights, refer to our articles on penetration testing methodology and vulnerability management programs to enhance their security posture.

Additionally, understanding the landscape of vulnerabilities can aid organizations in preparing for future threats. For insights on current trends, see our work on ransomware targeting trends and how to mitigate them effectively.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2026-1155: High Vulnerability in Totolink LR350 Firmware