CVE-2025-28028

HIGH

Totolink A830r Firmware - Buffer Overflow

Title source: rule

Description

TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v5 parameter.

References (2)

[Exploit, Third Party Advisory] https://locrian-lightning-dc7.notion.site/BufferOverflow4-1948e5e2b1a280b9809af4db6f9e65d1

[Exploit, Third Party Advisory] https://locrian-lightning-dc7.notion.site/CVE-2025-28028-BufferOverflow4-1948e5e2b1a280b9809af4db6f9e65d1

Scores

CVSS v3 7.3

EPSS 0.0032

EPSS Percentile 54.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-120

Status published

Affected Products (4)

totolink/a830r_firmware

totolink/a950rg_firmware

totolink/a3000ru_firmware

totolink/a3100r_firmware

Timeline

Published Apr 23, 2025

Tracked Since Feb 18, 2026