CVE-2025-9303

HIGH

TOTOLINK A720R 4.1.5cu.630_B20250509 - Buffer Overflow

Title source: llm

Description

A security flaw has been discovered in TOTOLINK A720R 4.1.5cu.630_B20250509. This issue affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument desc results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.

References (6)

[Exploit, Third Party Advisory] https://github.com/lin-3-start/lin-cve/blob/main/TOTOLINK%20A720R/TOTOLINK-A720R.md

View Exploit ZIP pw:eip

[Exploit, Third Party Advisory] https://github.com/lin-3-start/lin-cve/blob/main/TOTOLINK%20A720R/TOTOLINK-A720R.md#poc

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.320908

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.320908

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.632410

[Third Party Advisory, VDB Entry] https://www.totolink.net/

Scores

CVSS v3 8.8

EPSS 0.0075

EPSS Percentile 72.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-119 CWE-120

Status published

Affected Products (1)

totolink/a720r_firmware

Timeline

Published Aug 21, 2025

Tracked Since Feb 18, 2026