Buffer Overflow Vulnerability in TOTOLINK Routers
CVE-2025-4496
What is CVE-2025-4496?
A vulnerability has been identified in several TOTOLINK router models, specifically related to the CloudACMunualUpdate function in the cstecgi.cgi file. This issue arises from improper handling of the FileName argument, which can lead to a buffer overflow condition. The vulnerability can be exploited remotely, allowing attackers to manipulate the argument and potentially gain unauthorized access or execute arbitrary code. The flaw affects the firmware version 4.1.8cu.5241_B20210927 across multiple TOTOLINK models, posing a significant security risk to users.

Affected Version(s)
A3000RU 4.1.8cu.5241_B20210927
A3100R 4.1.8cu.5241_B20210927
A800R 4.1.8cu.5241_B20210927
Timeline
- Exploit known to exist
- Vulnerability published
- Vulnerability reserved
