Unrated severityNVD Advisory· Published May 10, 2025· Updated May 12, 2025

TOTOLINK T10/A3100R/A950RG/A800R/N600R/A3000RU/A810R cstecgi.cgi CloudACMunualUpdate buffer overflow

CVE-2025-4496

Description

A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Affected products

Totolink/A3100Rllm-create
Range: =4.1.8cu.5241_B20210927
Totolink/T10llm-fuzzy
Range: =4.1.8cu.5241_B20210927
TOTOLINK/A3000RUv5
Range: 4.1.8cu.5241_B20210927
TOTOLINK/A3100Rv5
Range: 4.1.8cu.5241_B20210927
TOTOLINK/A800Rv5
Range: 4.1.8cu.5241_B20210927
TOTOLINK/A810Rv5
Range: 4.1.8cu.5241_B20210927
TOTOLINK/A950RGv5
Range: 4.1.8cu.5241_B20210927
TOTOLINK/N600Rv5
Range: 4.1.8cu.5241_B20210927
TOTOLINK/T10v5
Range: 4.1.8cu.5241_B20210927

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/CH13hh/tmp_store_cc/blob/main/tt/ta/1.mdmitreexploit
vuldb.commitrethird-party-advisory
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entrytechnical-description
www.totolink.netmitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000