Home / Vulnerability Intelligence / CVE-2026-4976

CVE-2026-4976 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 30, 2026

Totolink LR350 - Buffer Overflow

Published: March 27, 2026Updated: March 30, 2026Remote Exploitable

Overview

Totolink LR350 9.3.5u.6369_B20220309 contains a buffer overflow caused by manipulation of the "ssid" argument in setWiFiGuestCfg function in /cgi-bin/cstecgi.cgi, letting remote attackers cause memory corruption, exploit requires no special privileges.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 7.7%(Probability of exploitation in next 30 days)

Impact

Remote attackers can cause memory corruption, potentially leading to remote code execution or device compromise.

Mitigation

Update to the latest available version.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 27, 2026

🟠 CVE-2026-4976 - High (8.8) A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid results in buffer overflow. The attack can be launch... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4976/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-4976
Severity: High
CVSS Score: 8.8
Type: buffer_overflow
Status: unconfirmed
EPSS: 7.7%
Social Posts: 1

CWE

CWE-119

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

7.7%Probability of exploitation in the next 30 days