Buffer Overflow Vulnerability in TOTOLINK A-Series Routers
CVE-2025-28027

7.3HIGH

Key Information:

Vendor: TOTOLINK
Status: A-Series Routers
Vendor: CVE Published:; 22 April 2025

Summary

A critical vulnerability has been identified in specific versions of TOTOLINK A-Series routers, featuring a buffer overflow issue in the downloadFile.cgi component. This flaw could allow an unauthorized user to execute arbitrary code, potentially leading to complete system compromise. It is crucial for users of the affected router models to apply the necessary updates to eliminate this security risk.

References

https://locrian-lightning-dc7.notion.site/BufferOverflow2...

https://locrian-lightning-dc7.notion.site/CVE-2025-28027-...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 22, 2025
Vulnerability Reserved
Mar 11, 2025