Sign-up

ID

VAR-202504-3472


CVE

CVE-2025-28018


TITLE

TOTOLINK  of  a800r  Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-004392

DESCRIPTION

TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter. TOTOLINK of a800r Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A800R is a wireless router from China's TOTOLINK Electronics. The vulnerability is caused by the failure of the v14 parameter in downloadFile.cgi to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2025-28018 // JVNDB: JVNDB-2025-004392 // CNVD: CNVD-2025-09851

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-09851

AFFECTED PRODUCTS

vendor:totolinkmodel:a800rscope:eqversion:4.1.2cu.5137_b20200730

Trust: 1.0

vendor:totolinkmodel:a800rscope: - version: -

Trust: 0.8

vendor:totolinkmodel:a800rscope:eqversion:a800r firmware 4.1.2cu.5137 b20200730

Trust: 0.8

vendor:totolinkmodel:a800rscope:eqversion: -

Trust: 0.8

vendor:totolinkmodel:a800r v4.1.2cu.5137 b20200730scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-09851 // JVNDB: JVNDB-2025-004392 // NVD: CVE-2025-28018

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-28018
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-004392
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-09851
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-09851
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-28018
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-004392
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-09851 // JVNDB: JVNDB-2025-004392 // NVD: CVE-2025-28018

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-004392 // NVD: CVE-2025-28018

EXTERNAL IDS

db:NVDid:CVE-2025-28018

Trust: 3.2

db:JVNDBid:JVNDB-2025-004392

Trust: 0.8

db:CNVDid:CNVD-2025-09851

Trust: 0.6

sources: CNVD: CNVD-2025-09851 // JVNDB: JVNDB-2025-004392 // NVD: CVE-2025-28018

REFERENCES

url:https://locrian-lightning-dc7.notion.site/bufferoverflow2-1948e5e2b1a28070a8d1d1ba725febff

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2025-28018

Trust: 0.8

sources: CNVD: CNVD-2025-09851 // JVNDB: JVNDB-2025-004392 // NVD: CVE-2025-28018

SOURCES

db:CNVDid:CNVD-2025-09851
db:JVNDBid:JVNDB-2025-004392
db:NVDid:CVE-2025-28018

LAST UPDATE DATE

2025-05-17T03:44:02.309000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-09851date:2025-05-15T00:00:00
db:JVNDBid:JVNDB-2025-004392date:2025-05-07T07:59:00
db:NVDid:CVE-2025-28018date:2025-05-06T20:35:45.600

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-09851date:2025-05-13T00:00:00
db:JVNDBid:JVNDB-2025-004392date:2025-05-07T00:00:00
db:NVDid:CVE-2025-28018date:2025-04-23T17:16:52.800