CVE-2026-6157

HIGH

A vulnerability was detected in Totolink A800R 4.1.2cu.5137_B20200730. This impacts the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. The manipulation of the argument apcliSsid results in buffer overflow. The attack can be executed remotely. The exploit is now public and may be used.

CVSS v3.1 Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Complexity

LOW

Privileges

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Published: 4/13/2026Modified: 4/27/2026

Related Intelligence (0)

No articles currently reference this CVE.

References (5)

https://github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/A800R/01_Buffer_Overflow_setAppEasyWizardConfig.md https://vuldb.com/submit/793114 https://vuldb.com/vuln/357037 https://vuldb.com/vuln/357037/cti https://www.totolink.net/