CVE-2026-31027

Name of the Vulnerable Software and Affected Versions TOTOlink A3600R version 5.9c.4959

Description The TOTOlink A3600R version 5.9c.4959 contains a buffer overflow flaw in the setAppEasyWizardConfig interface of /lib/cste modules/app.so. The issue is due to insufficient validation of the length of the rootSsid parameter, which can allow a remote attacker to trigger a buffer overflow, potentially resulting in arbitrary code execution or denial of service.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the setAppEasyWizardConfig interface until a patch is available.