PT-2025-17567 · Totolink · Totolink A950Rg+3
Published
2025-04-22
·
Updated
2025-04-24
·
CVE-2025-28027
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
TOTOLINK A830R version 4.1.2cu.5182 B20201102
TOTOLINK A950RG version 4.1.2cu.5161 B20200903
TOTOLINK A3000RU version 5.9c.5185 B20201128
TOTOLINK A3100R version 4.1.2cu.5247 B20211129
Description
A buffer overflow issue was discovered in the downloadFile.cgi of the affected TOTOLINK devices.
Recommendations
For TOTOLINK A830R version 4.1.2cu.5182 B20201102, consider disabling access to the downloadFile.cgi until a patch is available.
For TOTOLINK A950RG version 4.1.2cu.5161 B20200903, restrict the use of the downloadFile.cgi to minimize the risk of exploitation.
For TOTOLINK A3000RU version 5.9c.5185 B20201128, avoid using the downloadFile.cgi until the issue is resolved.
For TOTOLINK A3100R version 4.1.2cu.5247 B20211129, consider applying configuration changes to limit access to the downloadFile.cgi as a temporary workaround.
Exploit
Fix
Stack Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Totolink A3000Ru
Totolink A3100R
Totolink A830R
Totolink A950Rg