PT-2025-17555 · Totolink · Totolink A810R, Totolink A950RG

Published 2025-04-22 · Updated 2025-04-29 · CVE-2025-28037

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

TOTOLINK A810R version 4.1.2cu.5182 B20201026
TOTOLINK A950RG version 4.1.2cu.5161 B20200903

Description

The issue is a pre-authentication remote command execution vulnerability. It is located in the setDiagnosisCfg function and can be exploited through the ipDomain parameter.

Recommendations

For TOTOLINK A810R version 4.1.2cu.5182 B20201026, consider disabling the setDiagnosisCfg function until a patch is available. For TOTOLINK A950RG version 4.1.2cu.5161 B20200903, restrict access to the ipDomain parameter in the affected function to minimize the risk of exploitation. At the moment there is no information about a newer version that contains a fix for this vulnerability.
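The advisory describes the weakness only at the level of "a command injection through the ipDomain parameter of setDiagnosisCfg". The example below, added here and not code from TOTOLINK or from this advisory, shows the two checks a defender would apply to a parameter that is only ever supposed to carry a diagnosis target: an allowlist validator that accepts nothing but an IP literal or a syntactically valid hostname (so shell metacharacters are rejected as a side effect, without trying to enumerate them), and an access-log audit that flags requests to the handler whose ipDomain value fails that validator. The request path `/cgi-bin/setDiagnosisCfg`, the query-string request format and the log lines are all constructed assumptions for the demonstration; the real device's request format is not given on this page.

```python
"""Allowlist validation and log audit for a diagnosis-target parameter (ipDomain).

Added example; not TOTOLINK firmware code. Assumes the parameter is meant to
hold only an IPv4/IPv6 address or a DNS hostname, and that the handler is
reached via a hypothetical path /cgi-bin/setDiagnosisCfg with query parameters.
"""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# RFC 1123 hostname label: letters, digits, hyphens; no leading/trailing hyphen.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME_RE = re.compile(rf"^(?:{_LABEL}\.)*{_LABEL}\.?$")

# Hypothetical request path for the affected handler (assumption, not from the advisory).
DIAG_PATH = "/cgi-bin/setDiagnosisCfg"

# Common-log-format request line: client ip, ident, user, [timestamp], "METHOD target PROTO"
_REQ_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)


def is_valid_target(value: str) -> bool:
    """Return True only if value is an IP literal or a valid hostname.

    Everything else (spaces, ';', '`', '$(', quotes, leading hyphens, overlong
    names) is rejected by construction, which is what an allowlist buys you
    over trying to blocklist individual shell metacharacters.
    """
    if not value or len(value) > 253:
        return False
    try:
        ipaddress.ip_address(value)  # accepts IPv4 and IPv6 literals
        return True
    except ValueError:
        pass
    return _HOSTNAME_RE.match(value) is not None


def audit_line(line: str):
    """Return (client_ip, ipDomain) if the line is a request to the handler
    with an ipDomain value that fails validation, else None."""
    m = _REQ_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path != DIAG_PATH:
        return None
    params = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    target = params.get("ipDomain", [""])[0]
    if is_valid_target(target):
        return None
    return (m.group("ip"), target)


def audit_log(text: str):
    """Run audit_line over every line and collect the hits."""
    return [hit for hit in (audit_line(l) for l in text.splitlines()) if hit]


# Constructed sample access log (not real device logs). Lines 3 and 5 carry
# values that are not a hostname or IP and should be flagged.
SAMPLE_LOG = """\
192.0.2.10 - - [22/Apr/2025:10:00:01 +0000] "POST /cgi-bin/setDiagnosisCfg?ipDomain=example.com HTTP/1.1" 200 12
192.0.2.11 - - [22/Apr/2025:10:00:02 +0000] "POST /cgi-bin/setDiagnosisCfg?ipDomain=2001%3Adb8%3A%3A1 HTTP/1.1" 200 12
192.0.2.12 - - [22/Apr/2025:10:00:03 +0000] "POST /cgi-bin/setDiagnosisCfg?ipDomain=example.com%3B HTTP/1.1" 200 12
192.0.2.13 - - [22/Apr/2025:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 512
192.0.2.14 - - [22/Apr/2025:10:00:05 +0000] "POST /cgi-bin/setDiagnosisCfg?ipDomain=-bad.example HTTP/1.1" 200 12
"""

if __name__ == "__main__":
    for client_ip, bad_value in audit_log(SAMPLE_LOG):
        print(f"{client_ip}: rejected ipDomain value {bad_value!r}")
```

The validator is the mitigation side ("restrict access to the ipDomain parameter" in the recommendation reduces to "accept only what a diagnosis target can legitimately be"); the audit is the detection side, and it deliberately reuses the same validator so the two never disagree about what counts as suspicious.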

Exploit

Weakness Enumeration

OS Command Injection

Related Identifiers

BDU:2025-10704
CVE-2025-28037

Affected Products

Totolink A810R
Totolink A950RG