Remote Code Execution Vulnerability in TOTOLINK A3100R Wireless Router
CVE-2025-28256

9.8CRITICAL

Key Information:

Vendor: TOTOLINK
Status: A3100R
Vendor: CVE Published:; 28 March 2025

Summary

The TOTOLINK A3100R wireless router has a vulnerability that allows remote attackers to execute arbitrary code. This security issue arises from the setWebWlanIdx method within the /lib/cste_modules/wireless.so file. Exploiting this flaw can lead to compromised devices, unauthorized access, and potential control over the router's functionalities, thereby posing significant risks to users’ network security. It is essential for users to apply the necessary updates to mitigate against potential exploitation.

References

https://github.com/ZackSecurity/VulnerReport/blob/cve/tot...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 28, 2025
Vulnerability Reserved
Mar 11, 2025