CVE-2025-28026

TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://locrian-lightning-dc7.notion.site/BufferOverflow3-19e8e5e2b1a28048b8ddd4afdbe18d55
https://locrian-lightning-dc7.notion.site/CVE-2025-28026-BufferOverflow3-19e8e5e2b1a28048b8ddd4afdbe18d55

Configurations

No configuration.

History

23 Apr 2025, 14:15

Type	Values Removed	Values Added
References		() https://locrian-lightning-dc7.notion.site/CVE-2025-28026-BufferOverflow3-19e8e5e2b1a28048b8ddd4afdbe18d55 -
CWE		CWE-121
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.3

23 Apr 2025, 14:08

Type	Values Removed	Values Added
Summary		(es) Se descubrió que TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128 y A3100R V4.1.2cu.5247_B20211129 contenían una vulnerabilidad de desbordamiento de búfer en downloadFile.cgi.

22 Apr 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-22 18:15

Updated : 2025-04-23 14:15

NVD link : CVE-2025-28026

Mitre link : CVE-2025-28026

CVE.ORG link : CVE-2025-28026

JSON object : View

Products Affected

No product.

CWE

CWE-121

Stack-based Buffer Overflow

7.3 /10