CVE-2025-4496

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TOTOLINK T10 version 4.1.8cu.5241 B20210927 TOTOLINK A3100R version 4.1.8cu.5241 B20210927 TOTOLINK A950RG version 4.1.8cu.5241 B20210927 TOTOLINK A800R version 4.1.8cu.5241 B20210927 TOTOLINK N600R version 4.1.8cu.5241 B20210927 TOTOLINK A3000RU version 4.1.8cu.5241 B20210927 TOTOLINK A810R version 4.1.8cu.5241 B20210927

Description A critical vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-120

Related Identifiers

BDU:2025-05813

CVE-2025-4496

Affected Products

Totolink A3000Ru

Totolink A3100R

Totolink A800R

Totolink A810R

Totolink A950Rg

Totolink N600R

Totolink T10

CVE-2025-4496

Weakness Enumeration

Related Identifiers

Affected Products

References · 21