CVE Identifier: CVE-2026-1158 CVSS Meta Temp Score: 8.4 Current Exploit Price: $0-$5k CTI Interest Score: 3.89 Summary A vulnerability described as critical has been identified in Totolink LR350 9.3.5u.6369_B20220309. This issue affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument ssid can lead to buffer overflow. The attack can be launched remotely. Moreover, an exploit is present. Details Affected Component: POST Request Handler ( ) Affected Function: Vulnerability Type: Buffer overflow due to the manipulation of the argument. CWE Definition: CWE-120 Impact: Affects confidentiality, integrity, and availability. Exploitation Ease: The exploitation appears to be easy. Technical Details and Exploit: Known and available as a proof-of-concept at lavender-bicycle-a5a.notion.site.