PT-2025-17654 · Totolink · Totolink A950Rg+3
Published
2025-04-23
·
Updated
2025-04-23
·
CVE-2025-28025
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
TOTOLINK A830R version 4.1.2cu.5182 B20201102
TOTOLINK A950RG version 4.1.2cu.5161 B20200903
TOTOLINK A3000RU version 5.9c.5185 B20201128
TOTOLINK A3100R version 4.1.2cu.5247 B20211129
Description
A buffer overflow issue was discovered in the downloadFile.cgi endpoint through the
v14 parameter. This issue affects various TOTOLINK router models.Recommendations
For TOTOLINK A830R version 4.1.2cu.5182 B20201102, avoid using the
v14 parameter in the downloadFile.cgi endpoint until the issue is resolved.
For TOTOLINK A950RG version 4.1.2cu.5161 B20200903, restrict access to the downloadFile.cgi endpoint to minimize the risk of exploitation.
For TOTOLINK A3000RU version 5.9c.5185 B20201128, consider disabling the downloadFile.cgi endpoint temporarily until a patch is available.
For TOTOLINK A3100R version 4.1.2cu.5247 B20211129, limit the use of the v14 parameter in the downloadFile.cgi endpoint to prevent potential buffer overflow attacks.Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Totolink A3000Ru
Totolink A3100R
Totolink A830R
Totolink A950Rg