CNNVD-202601-4993 Information

Jan 30, 2026 cve

CNNVD ID

CNNVD-202601-4993

CVE-2026-1686

CNNVD Published: 2026-01-30

Description (Chinese)

TOTOLINK A3600R是中国吉翁电子（TOTOLINK）公司的一款 6 天线 1200M 无线路由器。 TOTOLINK A3600R 5.9c.4959版本存在安全漏洞，该漏洞源于/lib/cste_modules/app.so库中setAppEasyWizardConfig函数对参数apcliSsid的操作导致缓冲区溢出，可能导致远程代码执行。

Description (English)

TOTOLINK A3600R is a 6-ray 1200M wireless router of the Chinese company TOTOLINK. The security loophole in TOTOLINK A3600R 5.9c.4959 results from the operation of the setAppEasyWizardConfig function in the library of /lib/cste modules/app.so to the parameter arccliSsid, which may result in a spill over the buffer zone.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

吉翁电子

Published

2026-01-30

Last Modified

2026-02-24

References

https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/ToTolink/A3600R/4959-apcliSsid-setAppEasyWizardConfig.md https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/ToTolink/A3600R/4959-apcliSsid-setAppEasyWizardConfig.md#poc https://vuldb.com/?ctiid.343480 https://vuldb.com/?id.343480 https://vuldb.com/?submit.740888 https://www.totolink.net/ https://access.redhat.com/security/cve/cve-2026-1686

Share on: