CVE-2025-28017

Name of the Vulnerable Software and Affected Versions TOTOLINK A800R version 4.1.2cu.5032 B20200408

Description The issue concerns a Command Injection vulnerability in the downloadFile.cgi file via the QUERY STRING parameter. This allows for potential exploitation. There is a high risk of exploitation in the next 30 days.

Recommendations For TOTOLINK A800R version 4.1.2cu.5032 B20200408, consider disabling access to the downloadFile.cgi file until a patch is available. Restrict the use of the QUERY STRING parameter in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.