Severity: 7.4 HIGH
EPSS: 0.6% (top 30.98%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 27

Description

A security vulnerability has been detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages (2 packages)

CVEListV5: totolink/a3300r 17.0.0cu.557_B20221024
NVD: totolink/a3300r_firmware 17.0.0cu.557_b20221024

Vulnerability Details (2)

GHSA: GHSA-j778-wm83-8cf7: A security vulnerability has been detected in TOTOLINK A3300R 17 (2025-10-27)
CVEList: TOTOLINK A3300R cstecgi.cgi setDmzCfg buffer overflow (2025-10-27)
CVE-2025-12240 (HIGH CVSS 7.4) | A security vulnerability has been d | cvebase.io