CVE-2025-28032

HIGH

TOTOLINK A800R/A810R/A830R/A950RG/A3000RU/A3100R - Stack Overflow via setNoticeCfg IpForm

Title source: llm

Description

TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpForm parameter.

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://locrian-lightning-dc7.notion.site/BufferOverflow6-19f8e5e2b1a28052bda1f6ede9db341d

Scores

CVSS v3 7.3

EPSS 0.0032

EPSS Percentile 54.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-121

Status published

Products (6)

totolink/a3000ru_firmware 5.9c.5185_b20201128

totolink/a3100r_firmware 4.1.2cu.5247_b20211129

totolink/a800r_firmware 4.1.2cu.5137_b20200730

totolink/a810r_firmware 4.1.2cu.5182_b20201026

totolink/a830r_firmware 4.1.2cu.5182_b20201102

totolink/a950rg_firmware 4.1.2cu.5161_b20200903

Published Apr 22, 2025

Tracked Since Feb 18, 2026