ID

VAR-202504-3327


CVE

CVE-2025-28024


TITLE

Classic buffer overflow vulnerability in TOTOLINK A810R firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-004116

DESCRIPTION

TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in cstecgi.cgi. TOTOLINK A810R firmware has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK A810R is a wireless dual-band router from China's TOTOLINK Electronics. The vulnerability is caused by cstecgi.cgi failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

Trust: 2.16

sources: NVD: CVE-2025-28024 // JVNDB: JVNDB-2025-004116 // CNVD: CNVD-2025-09861

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-09861

AFFECTED PRODUCTS

vendor: totolink model: a810r scope: eq version: 4.1.2cu.5182_b20201026

Trust: 1.0

vendor: totolink model: a810r scope: eq version: -

Trust: 0.8

vendor: totolink model: a810r scope: - version: -

Trust: 0.8

vendor: totolink model: a810r scope: eq version: a810r firmware 4.1.2cu.5182 b20201026

Trust: 0.8

vendor: totolink model: a810r v4.1.2cu.5182 b20201026 scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-09861 // JVNDB: JVNDB-2025-004116 // NVD: CVE-2025-28024

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-28024
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2025-004116
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-09861
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-09861
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-28024
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-004116
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-09861 // JVNDB: JVNDB-2025-004116 // NVD: CVE-2025-28024

PROBLEMTYPE DATA

problemtype: CWE-120

Trust: 1.0

problemtype: Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-004116 // NVD: CVE-2025-28024

EXTERNAL IDS

db: NVD id: CVE-2025-28024

Trust: 3.2

db: JVNDB id: JVNDB-2025-004116

Trust: 0.8

db: CNVD id: CNVD-2025-09861

Trust: 0.6

sources: CNVD: CNVD-2025-09861 // JVNDB: JVNDB-2025-004116 // NVD: CVE-2025-28024

REFERENCES

url: https://locrian-lightning-dc7.notion.site/bufferoverflow5-1978e5e2b1a2800caaced7ae3fb4783c

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2025-28024

Trust: 0.8

sources: CNVD: CNVD-2025-09861 // JVNDB: JVNDB-2025-004116 // NVD: CVE-2025-28024

SOURCES

db: CNVD id: CNVD-2025-09861
db: JVNDB id: JVNDB-2025-004116
db: NVD id: CVE-2025-28024

LAST UPDATE DATE

2025-05-17T03:46:14.683000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2025-09861 date: 2025-05-15T00:00:00
db: JVNDB id: JVNDB-2025-004116 date: 2025-04-30T07:03:00
db: NVD id: CVE-2025-28024 date: 2025-04-29T16:21:01.237

SOURCES RELEASE DATE

db: CNVD id: CNVD-2025-09861 date: 2025-05-13T00:00:00
db: JVNDB id: JVNDB-2025-004116 date: 2025-04-30T00:00:00
db: NVD id: CVE-2025-28024 date: 2025-04-22T16:15:44.997