Buffer Overflow Vulnerability in TOTOLINK A3300R Router
CVE-2025-12258

8.7HIGH

Key Information:

Vendor: Totolink
Status: A3300r
Vendor: CVE Published:; 27 October 2025

🔔 Create Totolink Vulnerability Alert

What is CVE-2025-12258?

A vulnerability was identified in the TOTOLINK A3300R router, specifically within the function setOpModeCfg located in the /cgi-bin/cstecgi.cg file. This flaw allows for a stack-based buffer overflow due to improper handling of the opmode parameter. An attacker can exploit this vulnerability remotely, potentially leading to unauthorized access or control over the affected device.

Affected Version(s)

A3300R 17.0.0cu.557_B20221024

References

https://vuldb.com/?id.329929

vdb-entrytechnical-description

https://vuldb.com/?ctiid.329929

signaturepermissions-required

https://vuldb.com/?submit.673725

third-party-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 27, 2025
Vulnerability Reserved
Oct 26, 2025

Credit

wxhwxhwxh_ (VulDB User)

.

CVE-2025-12258 : Buffer Overflow Vulnerability in TOTOLINK A3300R Router