PT-2025-17566 · Totolink · Totolink A950Rg+3
Published
2025-04-22
·
Updated
2025-05-07
·
CVE-2025-28026
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
TOTOLINK A830R version 4.1.2cu.5182 B20201102
TOTOLINK A950RG version 4.1.2cu.5161 B20200903
TOTOLINK A3000RU version 5.9c.5185 B20201128
TOTOLINK A3100R version 4.1.2cu.5247 B20211129
Description
A buffer overflow vulnerability was found in the downloadFile.cgi of the affected TOTOLINK router firmware versions.
Recommendations
For TOTOLINK A830R version 4.1.2cu.5182 B20201102, consider disabling access to the downloadFile.cgi until a patch is available.
For TOTOLINK A950RG version 4.1.2cu.5161 B20200903, restrict the use of the downloadFile.cgi to minimize the risk of exploitation.
For TOTOLINK A3000RU version 5.9c.5185 B20201128, avoid using the downloadFile.cgi in the affected API endpoint until the issue is resolved.
For TOTOLINK A3100R version 4.1.2cu.5247 B20211129, as a temporary workaround, consider disabling the downloadFile.cgi function until a patch is available.
Exploit
Fix
Stack Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Totolink A3000Ru
Totolink A3100R
Totolink A830R
Totolink A950Rg