VYPR
High severity8.8NVD Advisory· Published May 10, 2025· Updated Jun 17, 2026

CVE-2025-4496

CVE-2025-4496

Description

A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Affected products

10
  • Totolink/A950RGllm-fuzzy2 versions
    4.1.8cu.5241_B20210927+ 1 more
    • (no CPE)range: 4.1.8cu.5241_B20210927
    • (no CPE)range: 4.1.8cu.5241_B20210927
  • Totolink/T10llm-fuzzy2 versions
    4.1.8cu.5241_B20210927+ 1 more
    • (no CPE)range: 4.1.8cu.5241_B20210927
    • (no CPE)range: 4.1.8cu.5241_B20210927
  • Totolink/A3100Rllm-fuzzy2 versions
    4.1.8cu.5241_B20210927+ 1 more
    • (no CPE)range: 4.1.8cu.5241_B20210927
    • (no CPE)range: 4.1.8cu.5241_B20210927
  • Totolink/A3000RUcpe-rescue
    Range: 4.1.8cu.5241_B20210927
  • Totolink/A8000RUcpe-rescue
    Range: 4.1.8cu.5241_B20210927
  • Totolink/A810Rcpe-rescue
    Range: 4.1.8cu.5241_B20210927
  • Totolink/N600Rcpe-rescue
    Range: 4.1.8cu.5241_B20210927

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.