CVE-2025-28032

HIGH

Totolink A800r Firmware - Stack Buffer Overflow

Title source: rule

Description

TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpForm parameter.

References (1)

[Exploit, Third Party Advisory] https://locrian-lightning-dc7.notion.site/BufferOverflow6-19f8e5e2b1a28052bda1f6ede9db341d

Scores

CVSS v3 7.3

EPSS 0.0032

EPSS Percentile 54.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-121

Status published

Affected Products (6)

totolink/a800r_firmware

totolink/a810r_firmware

totolink/a830r_firmware

totolink/a950rg_firmware

totolink/a3000ru_firmware

totolink/a3100r_firmware

Timeline

Published Apr 22, 2025

Tracked Since Feb 18, 2026