Buffer Overflow Vulnerability in Totolink LR350 Router
CVE-2026-1155

8.7HIGH

Key Information:

Vendor: Totolink
Status: Lr350
Vendor: CVE Published:; 19 January 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-1155?

A buffer overflow vulnerability has been identified in the Totolink LR350 router, specifically within the setWiFiEasyGuestCfg function located in /cgi-bin/cstecgi.cgi. By manipulating the 'ssid' argument, attackers can exploit this vulnerability remotely. This issue has been publicly disclosed, making the affected devices susceptible to external attacks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

LR350 9.3.5u.6369_B20220309

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-1155 - Proof of Concept

References

https://vuldb.com/?id.341749

vdb-entrytechnical-description

https://vuldb.com/?ctiid.341749

signaturepermissions-required

https://vuldb.com/?submit.735718

third-party-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

🟡
Public PoC available
Jan 19, 2026
👾
Exploit known to exist
Jan 19, 2026
Vulnerability published
Jan 19, 2026
Vulnerability Reserved
Jan 18, 2026

Credit

wxhwxhwxh_mie (VulDB User)

JSON

Totolink

Badges

What is CVE-2026-1155?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.