CVE-2025-4496

CWE-119 — Buffer Overflow CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

8.7HIGH

EPSS

0.6%

top 29.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Totolink A3000ru Totolink A3100r Totolink A800r +11 more

Timeline

PublishedMay 10

Description

A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages14 packages

▶CVEListV5totolink/a800r4.1.8cu.5241_B20210927

▶CVEListV5totolink/a810r4.1.8cu.5241_B20210927

▶CVEListV5totolink/n600r4.1.8cu.5241_B20210927

▶CVEListV5totolink/a3100r4.1.8cu.5241_B20210927

▶CVEListV5totolink/a950rg4.1.8cu.5241_B20210927

🔴Vulnerability Details

CVEList

TOTOLINK T10/A3100R/A950RG/A800R/N600R/A3000RU/A810R cstecgi.cgi CloudACMunualUpdate buffer overflow↗2025-05-10

▶

GHSA

GHSA-96qf-wf2v-wxvc: A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4↗2025-05-10

▶