CVE-2025-67189

Published: Feb 3, 2026Modified: Feb 10, 2026

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A buffer overflow vulnerability exists in the setParentalRules interface of TOTOLINK A950RG V4.1.2cu.5204_B20210112. The urlKeyword parameter is not properly validated, and the function concatenates multiple user-controlled fields into a fixed-size stack buffer without performing boundary checks. A remote attacker can exploit this flaw to cause denial of service or potentially achieve arbitrary code execution.

Affected (1)

Products: Totolink: A950rg Firmware

1 product

A950rg Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink A950rg Firmware	Version 4.1.2cu.5204_b20210112

Running on/with	Platform Versions
Totolink A950rg	All versions

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (1)

https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/ToTolink/A950RG/5024-setParentRules-urlKeyWord-buffer.md

Source: cve@mitre.org

ExploitThird Party Advisory

Timeline

No history available yet.