CVE-2025-4496

Published: May 10, 2025Modified: Jul 29, 2025

8.7

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Affected (7)

Products: Totolink: A3000ru Firmware, A810r Firmware, T10 Firmware, A3100r Firmware, A950rg Firmware, A800r Firmware, N600r Firmware

7 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink A3000ru Firmware	Version 4.1.8cu.5241_b20210927

Running on/with	Platform Versions
Totolink A3000ru	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink A810r Firmware	Version 4.1.8cu.5241_b20210927

Running on/with	Platform Versions
Totolink A810r	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink T10 Firmware	Version 4.1.8cu.5241_b20210927

Running on/with	Platform Versions
Totolink T10	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink A3100r Firmware	Version 4.1.8cu.5241_b20210927

Running on/with	Platform Versions
Totolink A3100r	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink A950rg Firmware	Version 4.1.8cu.5241_b20210927

Running on/with	Platform Versions
Totolink A950rg	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink A800r Firmware	Version 4.1.8cu.5241_b20210927

Running on/with	Platform Versions
Totolink A800r	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink N600r Firmware	Version 4.1.8cu.5241_b20210927

Running on/with	Platform Versions
Totolink N600r	All versions

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (6)

https://github.com/CH13hh/tmp_store_cc/blob/main/tt/ta/1.md

Source: cna@vuldb.com

Broken Link

https://vuldb.com/?ctiid.308212

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.308212

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.567081

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://www.totolink.net/

Source: cna@vuldb.com

Product

https://github.com/CH13hh/tmp_store_cc/blob/main/tt/ta/1.md

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Broken Link

Timeline

No history available yet.