{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-1686","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2026-01-30T07:42:17.946Z","datePublished":"2026-01-30T15:02:08.241Z","dateUpdated":"2026-02-23T09:09:13.406Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2026-02-23T09:09:13.406Z"},"title":"Totolink A3600R app.so setAppEasyWizardConfig buffer overflow","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-120","lang":"en","description":"Buffer Overflow"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-119","lang":"en","description":"Memory Corruption"}]}],"affected":[{"vendor":"Totolink","product":"A3600R","versions":[{"version":"5.9c.4959","status":"affected"}],"cpes":["cpe:2.3:o:totolink:a3600r_firmware:*:*:*:*:*:*:*:*"]}],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in Totolink A3600R 5.9c.4959. This issue affects the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. Performing a manipulation of the argument apcliSsid results in buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":8.7,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P","baseSeverity":"HIGH"}},{"cvssV3_1":{"version":"3.1","baseScore":8.8,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R","baseSeverity":"HIGH"}},{"cvssV3_0":{"version":"3.0","baseScore":8.8,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R","baseSeverity":"HIGH"}},{"cvssV2_0":{"version":"2.0","baseScore":9,"vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2026-01-30T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2026-01-30T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2026-01-31T10:40:45.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"Abcd1234 (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.343480","name":"VDB-343480 | Totolink A3600R app.so setAppEasyWizardConfig buffer overflow","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.343480","name":"VDB-343480 | CTI Indicators (IOB, IOC, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.740888","name":"Submit #740888 | TOTOLINK A3600R V5.9c.4959 Buffer Overflow","tags":["third-party-advisory"]},{"url":"https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/ToTolink/A3600R/4959-apcliSsid-setAppEasyWizardConfig.md","tags":["related"]},{"url":"https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/ToTolink/A3600R/4959-apcliSsid-setAppEasyWizardConfig.md#poc","tags":["exploit"]},{"url":"https://www.totolink.net/","tags":["product"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-01-30T15:32:50.894933Z","id":"CVE-2026-1686","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-30T15:34:05.530Z"}}]}}