Buffer Overflow Vulnerability in TOTOLINK Routers
CVE-2025-4496

8.7HIGH

Key Information:

Vendor: Totolink
Status: T10; A3100r; A950rg; A800r
Vendor: CVE Published:; 10 May 2025

Badges

👾 Exploit Exists

What is CVE-2025-4496?

A vulnerability has been identified in several TOTOLINK router models, specifically related to the CloudACMunualUpdate function in the cstecgi.cgi file. This issue arises from improper handling of the FileName argument, which can lead to a buffer overflow condition. The vulnerability can be exploited remotely, allowing attackers to manipulate the argument and potentially gain unauthorized access or execute arbitrary code. The flaw affects the firmware version 4.1.8cu.5241_B20210927 across multiple TOTOLINK models, posing a significant security risk to users.

Affected Version(s)

A3000RU 4.1.8cu.5241_B20210927

A3100R 4.1.8cu.5241_B20210927

A800R 4.1.8cu.5241_B20210927

References

https://vuldb.com/?id.308212

vdb-entrytechnical-description

https://vuldb.com/?ctiid.308212

signaturepermissions-required

https://vuldb.com/?submit.567081

third-party-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
May 10, 2025
Vulnerability published
May 10, 2025
Vulnerability Reserved
May 9, 2025

Credit

BabyShark (VulDB User)

Totolink

Badges

What is CVE-2025-4496?

Affected Version(s)

References

CVSS V4

Timeline

Credit