Buffer Overflow Vulnerability in TOTOLINK Routers
CVE-2025-28026

7.3HIGH

Key Information:

Vendor: TOTOLINK
Status: TOTOLINK Routers
Vendor: CVE Published:; 22 April 2025

Summary

TOTOLINK routers are susceptible to a buffer overflow vulnerability in the component downloadFile.cgi, affecting specific versions of the A830R, A950RG, A3000RU, and A3100R models. This vulnerability could allow an attacker to execute arbitrary code, potentially leading to unauthorized access or control over the affected devices.

References

https://locrian-lightning-dc7.notion.site/BufferOverflow3...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 22, 2025
Vulnerability Reserved
Mar 11, 2025