CVE-2025-28033

TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpTo parameter.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://locrian-lightning-dc7.notion.site/BufferOverflow7-1a98e5e2b1a280708d6ec6155ce88d8c
https://locrian-lightning-dc7.notion.site/CVE-2025-28033-BufferOverflow7-1a98e5e2b1a280708d6ec6155ce88d8c

Configurations

No configuration.

History

23 Apr 2025, 15:15

Type	Values Removed	Values Added
References		() https://locrian-lightning-dc7.notion.site/CVE-2025-28033-BufferOverflow7-1a98e5e2b1a280708d6ec6155ce88d8c -
CWE		CWE-121
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.3

23 Apr 2025, 14:08

Type	Values Removed	Values Added
Summary		(es) Se descubrió que TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128 y A3100R V4.1.2cu.5247_B20211129 contenían una vulnerabilidad de desbordamiento de búfer previo a la autorización en la función setNoticeCfg a través del parámetro IpTo.

22 Apr 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-22 14:15

Updated : 2025-04-23 15:15

NVD link : CVE-2025-28033

Mitre link : CVE-2025-28033

CVE.ORG link : CVE-2025-28033

JSON object : View

Products Affected

No product.

CWE

CWE-121

Stack-based Buffer Overflow

7.3 /10