TOTOLink Vulnerability Vendor: TOTOLink Product: LR350 Version: V9.3.5u.6369_B20220309 (Download Link) Vulnerability Type: Stack Overflow Author: Chuanhao Wan Institution: Huazhong University of Science and Technology (HUST) Vulnerability Cause In the function, the parameter is retrieved via and passed to the function for decoding. The function stores the decoded input in a fixed-size buffer ( ) without any length checks. If the parameter is excessively long, can trigger a buffer overflow, overwriting adjacent stack data or the return address, leading to a Denial of Service (DoS) attack. Proof of Concept (PoC) To reproduce the vulnerability: 1. Boot the firmware using qemu-system or other methods (real hardware). 2. Launch the following PoC attack: Result The target router crashes and is unable to provide services correctly and persistently.