Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-28033

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-22 Apr, 2025 | 00:00
Updated At-23 Apr, 2025 | 14:48
Rejected At-
Credits

TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpTo parameter.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:22 Apr, 2025 | 00:00
Updated At:23 Apr, 2025 | 14:48
Rejected At:
▼CVE Numbering Authority (CNA)

TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpTo parameter.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://locrian-lightning-dc7.notion.site/BufferOverflow7-1a98e5e2b1a280708d6ec6155ce88d8c
N/A
Hyperlink: https://locrian-lightning-dc7.notion.site/BufferOverflow7-1a98e5e2b1a280708d6ec6155ce88d8c
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-121CWE-121 Stack-based Buffer Overflow
Type: CWE
CWE ID: CWE-121
Description: CWE-121 Stack-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://locrian-lightning-dc7.notion.site/CVE-2025-28033-BufferOverflow7-1a98e5e2b1a280708d6ec6155ce88d8c
exploit
Hyperlink: https://locrian-lightning-dc7.notion.site/CVE-2025-28033-BufferOverflow7-1a98e5e2b1a280708d6ec6155ce88d8c
Resource:
exploit
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:22 Apr, 2025 | 14:15
Updated At:29 Apr, 2025 | 16:19

TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpTo parameter.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CPE Matches

TOTOLINK
totolink
>>a800r_firmware>>4.1.2cu.5137_b20200730
cpe:2.3:o:totolink:a800r_firmware:4.1.2cu.5137_b20200730:*:*:*:*:*:*:*
TOTOLINK
totolink
>>a800r>>-
cpe:2.3:h:totolink:a800r:-:*:*:*:*:*:*:*
TOTOLINK
totolink
>>a810r_firmware>>4.1.2cu.5182_b20201026
cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026:*:*:*:*:*:*:*
TOTOLINK
totolink
>>a810r>>-
cpe:2.3:h:totolink:a810r:-:*:*:*:*:*:*:*
TOTOLINK
totolink
>>a830r_firmware>>4.1.2cu.5182_b20201102
cpe:2.3:o:totolink:a830r_firmware:4.1.2cu.5182_b20201102:*:*:*:*:*:*:*
TOTOLINK
totolink
>>a830r>>-
cpe:2.3:h:totolink:a830r:-:*:*:*:*:*:*:*
TOTOLINK
totolink
>>a950rg_firmware>>4.1.2cu.5161_b20200903
cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5161_b20200903:*:*:*:*:*:*:*
TOTOLINK
totolink
>>a950rg>>-
cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:*
TOTOLINK
totolink
>>a3000ru_firmware>>5.9c.5185_b20201128
cpe:2.3:o:totolink:a3000ru_firmware:5.9c.5185_b20201128:*:*:*:*:*:*:*
TOTOLINK
totolink
>>a3000ru>>-
cpe:2.3:h:totolink:a3000ru:-:*:*:*:*:*:*:*
TOTOLINK
totolink
>>a3100r_firmware>>4.1.2cu.5247_b20211129
cpe:2.3:o:totolink:a3100r_firmware:4.1.2cu.5247_b20211129:*:*:*:*:*:*:*
TOTOLINK
totolink
>>a3100r>>-
cpe:2.3:h:totolink:a3100r:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-121Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-121
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://locrian-lightning-dc7.notion.site/BufferOverflow7-1a98e5e2b1a280708d6ec6155ce88d8ccve@mitre.org
Exploit
Third Party Advisory
https://locrian-lightning-dc7.notion.site/CVE-2025-28033-BufferOverflow7-1a98e5e2b1a280708d6ec6155ce88d8c134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit
Third Party Advisory
Hyperlink: https://locrian-lightning-dc7.notion.site/BufferOverflow7-1a98e5e2b1a280708d6ec6155ce88d8c
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://locrian-lightning-dc7.notion.site/CVE-2025-28033-BufferOverflow7-1a98e5e2b1a280708d6ec6155ce88d8c
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

112Records found

CVE-2024-0575
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.72% / 71.56%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 15:00
Updated-10 Sep, 2024 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink LR1200GB cstecgi.cgi setTracerouteCfg stack-based overflow

A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been classified as critical. This affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250791. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-lr1200gb_firmwarelr1200gbLR1200GBlr1200gb_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-0571
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.48% / 64.13%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 13:31
Updated-17 Jun, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink LR1200GB cstecgi.cgi setSmsCfg stack-based overflow

A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. This issue affects the function setSmsCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument text leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250787. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-lr1200gb_firmwarelr1200gbLR1200GB
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-0576
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.62% / 69.12%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 15:31
Updated-06 Jun, 2025 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink LR1200GB cstecgi.cgi setIpPortFilterRules stack-based overflow

A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been declared as critical. This vulnerability affects the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument sPort leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250792. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-lr1200gb_firmwarelr1200gbLR1200GB
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-0578
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.88% / 74.44%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 16:00
Updated-01 Aug, 2024 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink LR1200GB cstecgi.cgi UploadCustomModule stack-based overflow

A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250794 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-lr1200gb_firmwarelr1200gbLR1200GBlr1200gb_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-1004
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-7.2||HIGH
EPSS-0.08% / 24.67%
||
7 Day CHG~0.00%
Published-29 Jan, 2024 | 15:00
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink N200RE cstecgi.cgi loginAuth stack-based overflow

A vulnerability, which was classified as critical, was found in Totolink N200RE 9.3.5u.6139_B20201216. This affects the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252273 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-n200re_firmwaren200reN200RE
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-0574
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.43% / 61.85%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 15:00
Updated-02 Jun, 2025 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink LR1200GB cstecgi.cgi setParentalRules stack-based overflow

A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130 and classified as critical. Affected by this issue is the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument sTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250790 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-lr1200gb_firmwarelr1200gbLR1200GB
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-7218
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-7.2||HIGH
EPSS-0.20% / 42.52%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 21:00
Updated-17 Jun, 2025 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink N350RT cstecgi.cgi loginAuth stack-based overflow

A vulnerability, which was classified as critical, was found in Totolink N350RT 9.3.5u.6139_B202012. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-249852. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-n350rt_firmwaren350rtN350RT
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-7214
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 25.12%
||
7 Day CHG~0.00%
Published-07 Jan, 2024 | 20:00
Updated-14 Nov, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink N350RT HTTP POST Request main stack-based overflow

A vulnerability, which was classified as critical, has been found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v8 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249770 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-n350rt_firmwaren350rtN350RT
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-7187
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 13.28%
||
7 Day CHG~0.00%
Published-31 Dec, 2023 | 14:00
Updated-02 Aug, 2024 | 08:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink N350RT HTTP POST Request stack-based overflow

A vulnerability was found in Totolink N350RT 9.3.5u.6139_B20201216. It has been rated as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi?action=login&flag=ie8 of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The exploit has been disclosed to the public and may be used. The identifier VDB-249389 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-n350rt_firmwaren350rtN350RT
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-7219
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-7.2||HIGH
EPSS-0.09% / 26.24%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 06:00
Updated-03 Jun, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink N350RT cstecgi.cgi loginAuth stack-based overflow

A vulnerability has been found in Totolink N350RT 9.3.5u.6139_B202012 and classified as critical. Affected by this vulnerability is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249853 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-n350rt_firmwaren350rtN350RT
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-7220
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 32.93%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 07:31
Updated-17 Jun, 2025 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink NR1800X cstecgi.cgi loginAuth stack-based overflow

A vulnerability was found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. Affected by this issue is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-nr1800x_firmwarenr1800xNR1800X
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-7213
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 25.12%
||
7 Day CHG~0.00%
Published-07 Jan, 2024 | 19:00
Updated-17 Jun, 2025 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink N350RT HTTP POST Request main stack-based overflow

A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this vulnerability is the function main of the file /cgi-bin/cstecgi.cgi?action=login&flag=1 of the component HTTP POST Request Handler. The manipulation of the argument v33 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249769 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-n350rt_firmwaren350rtN350RT
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-6486
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.14% / 34.71%
||
7 Day CHG~0.00%
Published-22 Jun, 2025 | 17:31
Updated-07 Jul, 2025 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK A3002R formWlanMultipleAP stack-based overflow

A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been declared as critical. This vulnerability affects the function formWlanMultipleAP of the file /boafrm/formWlanMultipleAP. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-a3002ra3002r_firmwareA3002R
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-6302
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.17% / 38.38%
||
7 Day CHG+0.02%
Published-20 Jun, 2025 | 03:00
Updated-02 Jul, 2025 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK EX1200T cstecgi.cgi setStaticDhcpConfig stack-based overflow

A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is the function setStaticDhcpConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Comment leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-ex1200t_firmwareex1200tEX1200T
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-6487
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.14% / 34.71%
||
7 Day CHG~0.00%
Published-22 Jun, 2025 | 18:00
Updated-07 Jul, 2025 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK A3002R formRoute stack-based overflow

A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been rated as critical. This issue affects the function formRoute of the file /boafrm/formRoute. The manipulation of the argument subnet leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-a3002ra3002r_firmwareA3002R
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-34202
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.44% / 62.33%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 16:37
Updated-03 Apr, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setMacFilterRules function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-cp450cp450_firmwaren/acp450
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-5600
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-9.3||CRITICAL
EPSS-0.36% / 57.73%
||
7 Day CHG~0.00%
Published-04 Jun, 2025 | 17:31
Updated-10 Jun, 2025 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK EX1200T cstecgi.cgi setLanguageCfg stack-based overflow

A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument LangType leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-ex1200tex1200t_firmwareEX1200T
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-34217
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.7||HIGH
EPSS-0.45% / 62.75%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 16:25
Updated-09 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the addWlProfileClientMode function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-cp450cp450_firmwaren/acp450_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-46552
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.24% / 47.55%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 00:00
Updated-11 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAP.

Action-Not Available
Vendor-n/aTOTOLINK
Product-x2000rx2000r_firmwaren/ax2000r_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-1783
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-9.8||CRITICAL
EPSS-0.42% / 60.99%
||
7 Day CHG~0.00%
Published-23 Feb, 2024 | 00:00
Updated-01 Apr, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink LR1200GB Web Interface cstecgi.cgi loginAuth stack-based overflow

A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130/9.3.5u.6698_B20230810. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi of the component Web Interface. The manipulation of the argument http_host leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-lr1200gblr1200gb_firmwareLR1200GBlr1200gb_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-12352
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.29% / 52.35%
||
7 Day CHG+0.03%
Published-09 Dec, 2024 | 01:00
Updated-10 Dec, 2024 | 23:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK EX1800T cstecgi.cgi sub_40662C stack-based overflow

A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function sub_40662C of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-ex1800t_firmwareex1800tEX1800Tex1800t
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-45787
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.72%
||
7 Day CHG~0.00%
Published-08 May, 2025 | 00:00
Updated-16 May, 2025 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow viathe comment parameter in setIpPortFilterRules.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3100r_firmwarea3100rn/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-45797
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 52.06%
||
7 Day CHG~0.00%
Published-08 May, 2025 | 00:00
Updated-16 May, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOlink A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the NoticeUrl parameter in the setNoticeCfg interface of /lib/cste_modules/system.so.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a950rg_firmwarea950rgn/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-45843
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.30%
||
7 Day CHG~0.00%
Published-08 May, 2025 | 00:00
Updated-16 May, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the setWiFiGuestCfg function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-nr1800x_firmwarenr1800xn/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-45867
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 13.86%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 00:00
Updated-17 Jun, 2025 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the static_dns1 parameter in the formIpv6Setup interface.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3002r_firmwarea3002rn/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-45845
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.30%
||
7 Day CHG~0.00%
Published-08 May, 2025 | 00:00
Updated-16 May, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyGuestCfg function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-nr1800x_firmwarenr1800xn/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-45841
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.58%
||
7 Day CHG~0.00%
Published-08 May, 2025 | 00:00
Updated-16 May, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-nr1800x_firmwarenr1800xn/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-45788
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.72%
||
7 Day CHG~0.00%
Published-08 May, 2025 | 00:00
Updated-16 May, 2025 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the comment parameter in setMacFilterRules.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3100r_firmwarea3100rn/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-45790
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.72%
||
7 Day CHG~0.00%
Published-08 May, 2025 | 00:00
Updated-16 May, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the priority parameter in the setMacQos interface of /lib/cste_modules/firewall.so.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3100r_firmwarea3100rn/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-45789
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.72%
||
7 Day CHG~0.00%
Published-08 May, 2025 | 00:00
Updated-16 May, 2025 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A3100R V5.9c.1527 is vulnerable to buffer overflow via the urlKeyword parameter in setParentalRules.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3100r_firmwarea3100rn/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-45844
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.30%
||
7 Day CHG~0.00%
Published-08 May, 2025 | 00:00
Updated-16 May, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the setWiFiBasicCfg function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-nr1800x_firmwarenr1800xn/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-45842
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.30%
||
7 Day CHG~0.00%
Published-08 May, 2025 | 00:00
Updated-16 May, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyCfg function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-nr1800x_firmwarenr1800xn/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-45862
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 24.39%
||
7 Day CHG~0.00%
Published-20 May, 2025 | 00:00
Updated-24 May, 2025 | 00:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the interfacenameds parameter in the formDhcpv6s interface.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3002ra3002r_firmwaren/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-0572
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.29% / 52.21%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 14:00
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink LR1200GB cstecgi.cgi setOpModeCfg stack-based overflow

A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pppoeUser leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250788. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-lr1200gb_firmwarelr1200gbLR1200GB
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-0573
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.44% / 62.24%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 14:31
Updated-01 Aug, 2024 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink LR1200GB cstecgi.cgi setDiagnosisCfg stack-based overflow

A vulnerability has been found in Totolink LR1200GB 9.1.0u.6619_B20230130 and classified as critical. Affected by this vulnerability is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250789 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-lr1200gb_firmwarelr1200gbLR1200GBlr1200gb_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-1003
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-7.2||HIGH
EPSS-0.10% / 27.42%
||
7 Day CHG~0.00%
Published-29 Jan, 2024 | 14:31
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink N200RE cstecgi.cgi setLanguageCfg stack-based overflow

A vulnerability, which was classified as critical, has been found in Totolink N200RE 9.3.5u.6139_B20201216. Affected by this issue is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument lang leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252272. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-n200re_firmwaren200reN200RE
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-0997
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-7.2||HIGH
EPSS-0.11% / 30.86%
||
7 Day CHG~0.00%
Published-29 Jan, 2024 | 12:31
Updated-05 Sep, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink N200RE cstecgi.cgi setOpModeCfg stack-based overflow

A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. Affected by this issue is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pppoeUser leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-n200re_firmwaren200reN200REn200re_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-28135
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.19%
||
7 Day CHG-0.07%
Published-27 Mar, 2025 | 00:00
Updated-15 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a810ra810r_firmwaren/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-28030
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.36% / 57.07%
||
7 Day CHG+0.11%
Published-22 Apr, 2025 | 00:00
Updated-29 Apr, 2025 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a stack overflow via the startTime and endTime parameters in setParentalRules function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a810ra810r_firmwaren/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-28136
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.69%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 00:00
Updated-29 Apr, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in the downloadFile.cgi.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a800ra800r_firmwaren/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-2369
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.44% / 62.44%
||
7 Day CHG+0.12%
Published-17 Mar, 2025 | 08:31
Updated-07 Apr, 2025 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK EX1800T cstecgi.cgi setPasswordCfg stack-based overflow

A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316. It has been classified as critical. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument admpass leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-ex1800t_firmwareex1800tEX1800T
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-2370
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.46% / 63.11%
||
7 Day CHG+0.13%
Published-17 Mar, 2025 | 09:00
Updated-07 Apr, 2025 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK EX1800T cstecgi.cgi setWiFiExtenderConfig stack-based overflow

A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316. It has been declared as critical. Affected by this vulnerability is the function setWiFiExtenderConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument apcliSsid leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-ex1800t_firmwareex1800tEX1800T
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-46553
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.24% / 47.55%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 00:00
Updated-11 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formParentControl.

Action-Not Available
Vendor-n/aTOTOLINK
Product-x2000rx2000r_firmwaren/ax2000r_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-22903
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.17% / 38.37%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 00:00
Updated-22 Apr, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the pin parameter in the function setWiFiWpsConfig.

Action-Not Available
Vendor-n/aTOTOLINK
Product-n600r_firmwaren600rn/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-46559
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.39% / 59.08%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 00:00
Updated-11 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIPv6Addr.

Action-Not Available
Vendor-n/aTOTOLINK
Product-x2000rx2000r_firmwaren/ax2000r_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-22900
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.12%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 00:00
Updated-22 Apr, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Totolink N600R v4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macCloneMac parameter in the setWanConfig function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-n600r_firmwaren600rn/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-7909
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.43% / 61.87%
||
7 Day CHG~0.00%
Published-18 Aug, 2024 | 18:00
Updated-21 Aug, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK EX1200L cstecgi.cgi setLanguageCfg stack-based overflow

A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-ex1200l_firmwareex1200lEX1200Lex1200l_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-7908
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.44% / 62.44%
||
7 Day CHG~0.00%
Published-18 Aug, 2024 | 17:00
Updated-19 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK EX1200L cstecgi.cgi setDefResponse stack-based overflow

A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected is the function setDefResponse of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument IpAddress leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-ex1200l_firmwareex1200lEX1200Lex1200l_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-36950
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.91% / 74.82%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 00:00
Updated-12 Sep, 2024 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a7000r_firmwarex5000r_firmwarex5000ra7000rn/aa7000r_firmwarex5000r_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-36947
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.91% / 74.82%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 00:00
Updated-12 Sep, 2024 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a7000r_firmwarex5000r_firmwarex5000ra7000rn/aa7000r_firmwarex5000r_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found