CVE-2025-9303: Improper Restriction of Operations within the Bounds of a Memory Buffer in A720r

Severity
7.4 HIGH (NVD)
EPSS
0.6%
top 31.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Aug 21

Description

A security flaw has been discovered in TOTOLINK A720R 4.1.5cu.630_B20250509. The issue affects the function setParentalRules in the file /cgi-bin/cstecgi.cgi. Manipulating the argument desc results in a buffer overflow. The attack can be carried out remotely. The exploit has been released to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages (2 packages)

CVEListV5: totolink/a720r 4.1.5cu.630_B20250509
NVD: totolink/a720r_firmware 4.1.5cu.630_b20250509

Vulnerability Details (2)

GHSA
GHSA-xr89-g3xx-9x48: A security flaw has been discovered in TOTOLINK A720R 4 (2025-08-21)
CVEList
TOTOLINK A720R cstecgi.cgi setParentalRules buffer overflow (2025-08-21)