TOTOLink Vulnerability

Vendor: TOTOLink
Product: LR350
Version: V9.3.5u.6369_B20220309 (Download Link)
Vulnerability Type: Stack Overflow
Author: Chuanhao Wan
Institution: Huazhong University of Science and Technology (HUST)

Vulnerability Cause

In the function, the parameter is obtained via and passed to the function for decoding. stores the decoded input in a fixed-size buffer ( ) without length restrictions. If the parameter is excessively long, can trigger a buffer overflow, overwriting adjacent stack data or the return address, resulting in a Denial of Service (DoS) attack.

Proof of Concept (PoC)

To reproduce the vulnerability:
1. Boot the firmware using qemu-system or other methods (real machine).
2. Attack with the following PoC:

Result

The target router crashes and cannot provide services correctly and persistently.
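
Mitigation sketch for the cause described above, as an added example that is not the vendor's code or part of the original advisory: a decoder that takes the destination size and rejects input that would not fit, instead of writing into a fixed-size stack buffer unchecked. The names `bounded_decode` and `hex_val`, the 16-byte buffer, and the use of percent-encoding are assumptions, since the advisory does not name the decoding scheme.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: value of one hex digit, or -1 if not hex. */
static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Percent-decode src into dst, writing at most dst_size bytes including the
 * NUL. Returns the decoded length, or -1 if the input is malformed, decodes
 * to an embedded NUL, or does not fit. Percent-encoding is an assumption:
 * the advisory does not name the decoding scheme. */
int bounded_decode(const char *src, char *dst, size_t dst_size)
{
    size_t out = 0;
    if (src == NULL || dst == NULL || dst_size == 0) return -1;
    dst[0] = '\0';
    while (*src != '\0') {
        char c = *src++;
        if (c == '%') {
            int hi = hex_val(src[0]);
            int lo = (hi < 0) ? -1 : hex_val(src[1]); /* never reads past NUL */
            if (lo < 0 || (hi == 0 && lo == 0)) goto fail;
            c = (char)((hi << 4) | lo);
            src += 2;
        }
        if (out + 1 >= dst_size) goto fail; /* need room for byte + NUL */
        dst[out++] = c;
    }
    dst[out] = '\0';
    return (int)out;
fail:
    dst[0] = '\0'; /* never hand a partial value to the caller */
    return -1;
}

int main(void)
{
    char buf[16]; /* constructed stand-in for the fixed-size stack buffer */
    printf("%d\n", bounded_decode("a%20b", buf, sizeof buf));            /* fits */
    printf("%d\n", bounded_decode("AAAAAAAAAAAAAAAAAAAAAAAA", buf, sizeof buf)); /* rejected */
    return 0;
}
```

A caller should treat -1 as a rejected request and return an error rather than continue with the empty buffer.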