CVE-2025-28037OS Command Injection in A810r Firmware

CWE-78OS Command Injection3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
7.5%
top 8.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink A810r FirmwareTotolink A950rg Firmware
Timeline
PublishedApr 22

Description

TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200903 were found to contain a pre-auth remote command execution vulnerability in the setDiagnosisCfg function through the ipDomain parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDtotolink/a810r_firmware4.1.2cu.5182_b20201026
NVDtotolink/a950rg_firmware4.1.2cu.5182_b20201026

🔴Vulnerability Details

2
CVEList
CVE-2025-28037: TOTOLINK A810R V42025-04-22
GHSA
GHSA-x7cp-g8mq-6p3p: TOTOLINK A810R V42025-04-22
CVE-2025-28037 — OS Command Injection in A810r Firmware | cvebase