VYPR
Critical severity9.8NVD Advisory· Published Apr 22, 2025· Updated Jun 17, 2026

CVE-2025-28037

CVE-2025-28037

Description

TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200903 were found to contain a pre-auth remote command execution vulnerability in the setDiagnosisCfg function through the ipDomain parameter.

Affected products

3
  • Totolink/A810Rcpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: V4.1.2cu.5182_B20201026
  • Totolink/A950RGllm-fuzzy
    Range: V4.1.2cu.5161_B20200903

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.