Buffer Overflow Vulnerability in TOTOLINK A800R Router
CVE-2025-28019

7.3HIGH

Key Information:

Vendor: TOTOLINK
Status: A800R
Vendor: CVE Published:; 23 April 2025

Summary

The TOTOLINK A800R router version V4.1.2cu.5137_B20200730 has a vulnerability in its downloadFile.cgi component, which could lead to a buffer overflow. This flaw allows attackers to potentially execute arbitrary code by sending specially crafted requests, compromising the security and integrity of the device.

References

https://locrian-lightning-dc7.notion.site/BufferOverflow1...

https://locrian-lightning-dc7.notion.site/CVE-2025-28019-...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 23, 2025
Vulnerability Reserved
Mar 11, 2025