Critical Buffer Overflow in TOTOLINK A3700R Router Web Interface Raises Security Concerns

This vulnerability was publicly disclosed on January 19, 2026 and is considered high severity, with a CVSS 3.1 score of 8.8 out of 10.


Affected Device

The issue impacts the TOTOLINK A3700R router, specifically devices running the firmware version:

  • 9.1.2u.5822_B20200513 (confirmed vulnerable)

What’s the Problem?

CVE-2026-1143 is a remote buffer overflow flaw in the router’s web-based management interface.

The problem exists in a CGI function called setWiFiEasyGuestCfg, located in: /cgi-bin/cstecgi.cgi

This function processes an input parameter named ssid, but it fails to properly check the length of that input. If an attacker sends an overly long SSID value, the router copies it into a fixed-size buffer without validation. As a result, the buffer overflows and corrupts memory on the stack.

Put simply: a specially crafted HTTP request can overwrite memory and potentially take control of how the router executes code. Because this happens in the web admin interface, a successful attack can lead to remote code execution or a full device takeover.


How the Vulnerability Is Exploited

  • The vulnerable endpoint is reachable through the router’s web management interface.
  • The firmware blindly copies the attacker-supplied SSID into a stack buffer.
  • There’s no bounds checking, so long input overwrites nearby stack data such as return addresses.
  • A carefully constructed payload can redirect execution to attacker-controlled code.

This is a classic stack-based buffer overflow scenario.
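The following C snippet is an added illustration of the flaw class described above, not TOTOLINK's firmware code (which is not reproduced on this page). The handler names, the minimal query-string parser, the 32-byte SSID limit taken from the 802.11 standard, and the sample inputs are all assumptions constructed for the example. It places the unchecked-copy pattern next to a hardened version that validates the length before copying, and adds a small defender-side check of the kind a filtering proxy or log scanner in front of the CGI endpoint could apply.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical illustration of the flaw class described above; this is NOT
 * TOTOLINK's firmware code. Names and the parser are assumptions. */

#define SSID_MAX_LEN 32   /* 802.11 limits an SSID to 32 octets */

/* Locate the value of the "ssid" parameter in a raw query string such as
 * "ssid=HomeWiFi&enable=1". Returns a pointer to the value and stores its
 * length in *len, or NULL if the parameter is absent. Assumes the string
 * has already been URL-decoded (a real CGI would decode first). */
static const char *find_ssid_param(const char *query, size_t *len)
{
    const char *p = query;
    while (p && *p) {
        if (strncmp(p, "ssid=", 5) == 0 && (p == query || p[-1] == '&')) {
            const char *v = p + 5;
            const char *end = strchr(v, '&');
            *len = end ? (size_t)(end - v) : strlen(v);
            return v;
        }
        p = strchr(p, '&');
        if (p)
            p++;
    }
    return NULL;
}

/* VULNERABLE pattern: the value is copied into a fixed-size stack buffer
 * without comparing its length to the buffer size. Any value longer than
 * SSID_MAX_LEN overruns 'ssid' and corrupts adjacent stack data. Shown for
 * contrast only; never call it with untrusted input. */
int set_ssid_vulnerable(const char *query)
{
    char ssid[SSID_MAX_LEN + 1];
    size_t len;
    const char *v = find_ssid_param(query, &len);
    if (!v)
        return -1;
    memcpy(ssid, v, len);   /* no bounds check: overflow when len > 32 */
    ssid[len] = '\0';
    return 0;
}

/* HARDENED version: validate the length before any copy, and make the
 * destination size explicit so the check cannot be skipped by accident. */
int set_ssid_hardened(const char *query, char *out, size_t out_size)
{
    size_t len;
    const char *v = find_ssid_param(query, &len);
    if (!v)
        return -1;                       /* parameter missing */
    if (len == 0 || len > SSID_MAX_LEN)
        return -2;                       /* reject empty or oversize */
    if (out_size < len + 1)
        return -3;                       /* destination too small */
    memcpy(out, v, len);
    out[len] = '\0';
    return 0;
}

/* Defender-side check: does a request carry an ssid longer than the protocol
 * allows? A filtering proxy or log scanner can flag such requests. */
int request_ssid_oversized(const char *query)
{
    size_t len;
    const char *v = find_ssid_param(query, &len);
    return v != NULL && len > SSID_MAX_LEN;
}

static char g_applied[SSID_MAX_LEN + 1];

/* Convenience wrapper used by the demo: apply a query to a static buffer. */
int apply_ssid(const char *query)
{
    return set_ssid_hardened(query, g_applied, sizeof g_applied);
}

const char *applied_ssid(void)
{
    return g_applied;
}

/* Constructed sample: a 200-byte ssid value, the kind of input the
 * vulnerable handler would copy blindly. The hardened handler rejects it. */
int demo_oversized_rejected(void)
{
    char query[5 + 200 + 1];
    memcpy(query, "ssid=", 5);
    memset(query + 5, 'A', 200);
    query[sizeof query - 1] = '\0';
    return apply_ssid(query);
}

int main(void)
{
    printf("normal  : %d (%s)\n", apply_ssid("ssid=HomeWiFi&enable=1"), applied_ssid());
    printf("oversize: %d\n", demo_oversized_rejected());
    return 0;
}
```

The point of the hardened variant is that the length check happens before the copy and the destination size is passed explicitly; the same `request_ssid_oversized` test, applied at a reverse proxy or over web-server logs, gives a cheap signal for requests that could only be malformed or malicious, since a legitimate SSID can never exceed 32 bytes.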


Exploitation Conditions

  • Remote attack: Yes, exploitable over the network
  • Privileges required: Low, especially if remote management is enabled
  • User interaction: None
  • Exploit status: Public proof-of-concept code is already available

Potential Impact

If exploited successfully, an attacker may be able to:

  • Execute arbitrary code on the router with high privileges
  • Fully compromise the device
  • Modify configuration settings
  • Redirect or spy on network traffic
  • Install persistent malware
  • Use the router as a foothold to attack internal systems

The risk is especially high when the router’s web admin interface is exposed to the internet.


Mitigation and Recommendations

Vendor patch status
As of disclosure, no confirmed firmware update has been released to fix this issue. Users should keep an eye on official support channels for updates.

What you can do right now

  • Disable remote administration if it’s not absolutely necessary
  • Limit web interface access to trusted internal IP addresses only
  • Block access to the CGI endpoint at the firewall level, if possible
  • Consider replacing the router or switching firmware if no fix is released

Quick Summary

  CVE ID      : CVE-2026-1143
  Device      : TOTOLINK A3700R
  Firmware    : 9.1.2u.5822_B20200513
  Severity    : High (8.8)
  Attack Type : Remote buffer overflow → possible RCE

Key Takeaway

This is a real and actively exploitable remote vulnerability. If you’re using a TOTOLINK A3700R with the affected firmware, you should lock it down or update it immediately. Leaving it exposed could allow attackers to fully compromise your network.