{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6157", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-12T18:06:21.026Z", "datePublished": "2026-04-13T03:45:34.313Z", "dateUpdated": "2026-04-13T11:44:36.935Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-13T03:45:34.313Z"}, "title": "Totolink A800R app.so setAppEasyWizardConfig buffer overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "Totolink", "product": "A800R", "versions": [{"version": "4.1.2cu.5137_B20200730", "status": "affected"}], "cpes": ["cpe:2.3:o:totolink:a800r_firmware:*:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in Totolink A800R 4.1.2cu.5137_B20200730. This impacts the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. The manipulation of the argument apcliSsid results in buffer overflow. The attack can be executed remotely. The exploit is now public and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-12T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-12T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-12T20:11:29.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "xuanyu (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/vuln/357037", "name": "VDB-357037 | Totolink A800R app.so setAppEasyWizardConfig buffer overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/357037/cti", "name": "VDB-357037 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/793114", "name": "Submit #793114 | TOTOLINK A800R V4.1.2cu.5137_B20200730 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/A800R/01_Buffer_Overflow_setAppEasyWizardConfig.md", "tags": ["exploit"]}, {"url": "https://www.totolink.net/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T11:38:54.829402Z", "id": "CVE-2026-6157", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T11:44:36.935Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-6157", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-13T11:38:54.829402Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T11:43:42.599Z"}}], "cna": {"title": "Totolink A800R app.so setAppEasyWizardConfig buffer overflow", "credits": [{"lang": "en", "type": "reporter", "value": "xuanyu (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:o:totolink:a800r_firmware:*:*:*:*:*:*:*:*"], "vendor": "Totolink", "product": "A800R", "versions": [{"status": "affected", "version": "4.1.2cu.5137_B20200730"}]}], "timeline": [{"lang": "en", "time": "2026-04-12T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-12T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-12T20:11:29.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/357037", "name": "VDB-357037 | Totolink A800R app.so setAppEasyWizardConfig buffer overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/357037/cti", "name": "VDB-357037 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/793114", "name": "Submit #793114 | TOTOLINK A800R V4.1.2cu.5137_B20200730 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/A800R/01_Buffer_Overflow_setAppEasyWizardConfig.md", "tags": ["exploit"]}, {"url": "https://www.totolink.net/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in Totolink A800R 4.1.2cu.5137_B20200730. This impacts the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. The manipulation of the argument apcliSsid results in buffer overflow. The attack can be executed remotely. The exploit is now public and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-13T03:45:34.313Z"}}}, "cveMetadata": {"cveId": "CVE-2026-6157", "state": "PUBLISHED", "dateUpdated": "2026-04-13T11:44:36.935Z", "dateReserved": "2026-04-12T18:06:21.026Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-13T03:45:34.313Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in Totolink A800R 4.1.2cu.5137_B20200730. This impacts the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. The manipulation of the argument apcliSsid results in buffer overflow. The attack can be executed remotely. The exploit is now public and may be used."}], "id": "CVE-2026-6157", "lastModified": "2026-04-27T19:05:57.310", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-13T04:16:16.817", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/A800R/01_Buffer_Overflow_setAppEasyWizardConfig.md"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/793114"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/357037"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/357037/cti"}, {"source": "cna@vuldb.com", "url": "https://www.totolink.net/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-120"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "4.1.2cu.5137_B20200730"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "A800R", "source": "cna", "vendor": "Totolink"}, "product": "a800r", "vendor": "totolink"}], "analysis": {"en": {"generated_at": "2026-04-13T05:21:42.333524+00:00", "value": {"mitigation_remediation": ["Contact Totolink support to obtain a firmware update that addresses the buffer overflow.", "Apply the latest official firmware release for the A800R when available.", "If no update is available, isolate the device from untrusted networks to mitigate remote exploitation.", "Use a firewall to block traffic to the vulnerable service if possible."], "summary": {"action": "Patch ASAP", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The device affected is the Totolink A800R router with the specified firmware build. No broader version range is documented, so the vulnerability appears limited to this firmware version.", "description_and_impact": "A Totolink A800R router running firmware 4.1.2cu.5137_B20200730 contains a buffer\u2011overflow flaw in the setAppEasyWizardConfig function of /lib/cste_modules/app.so. By manipulating the apcliSsid parameter, an attacker can trigger memory corruption that may lead to arbitrary code execution. The bug is a classic stack buffer overflow (CWE\u2011119 and CWE\u2011120) and is triggered from a remote connection.", "risk_and_exploitability": "The flaw has a CVSS score of 8.7, indicating high severity, and the EPSS score is not listed. While it is not in CISA\u2019s KEV catalog, a public exploit has been released. Remote attackers can reach the device from any connected network, making exploitation practical and potentially impacting all users if the device is exposed."}}}}, "created": "2026-04-13T12:37:43.325941+00:00", "updated": "2026-04-13T12:53:30.713487+00:00", "vendors": ["totolink", "totolink$PRODUCT$a800r"]}