CVE-2025-67188

CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.3%

top 47.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Totolink A950rg Firmware

Timeline

PublishedFeb 3

Description

A buffer overflow vulnerability exists in TOTOLINK A950RG V4.1.2cu.5204_B20210112. The issue resides in the setRadvdCfg interface of the /lib/cste_modules/ipv6.so module. The function fails to properly validate the length of the user-controlled radvdinterfacename parameter, allowing remote attackers to trigger a stack buffer overflow.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDtotolink/a950rg_firmware4.1.2cu.5204_b20210112

🔴Vulnerability Details

CVEList

CVE-2025-67188: A buffer overflow vulnerability exists in TOTOLINK A950RG V4↗2026-02-03

▶

GHSA

GHSA-wv35-4hfx-h763: A buffer overflow vulnerability exists in TOTOLINK A950RG V4↗2026-02-03

▶