CVE-2025-67189

CWE-120Classic Buffer Overflow3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 72.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Totolink A950rg Firmware
Timeline
PublishedFeb 3

Description

A buffer overflow vulnerability exists in the setParentalRules interface of TOTOLINK A950RG V4.1.2cu.5204_B20210112. The urlKeyword parameter is not properly validated, and the function concatenates multiple user-controlled fields into a fixed-size stack buffer without performing boundary checks. A remote attacker can exploit this flaw to cause denial of service or potentially achieve arbitrary code execution.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDtotolink/a950rg_firmware4.1.2cu.5204_b20210112

🔴Vulnerability Details

2
CVEList
CVE-2025-67189: A buffer overflow vulnerability exists in the setParentalRules interface of TOTOLINK A950RG V42026-02-03
GHSA
GHSA-27qh-whg4-7h58: A buffer overflow vulnerability exists in the setParentalRules interface of TOTOLINK A950RG V42026-02-03
CVE-2025-67189 (MEDIUM CVSS 6.5) | A buffer overflow vulnerability exi | cvebase.io