Details of VAR-202505-0271

ID

VAR-202505-0271

CVE

CVE-2025-4496

TITLE

plural TOTOLINK Classic buffer overflow vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2025-010277

DESCRIPTION

A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. A3000RU firmware, A810R firmware, t10 firmware etc. TOTOLINK The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2025-4496 // JVNDB: JVNDB-2025-010277

AFFECTED PRODUCTS

vendor:	totolink	model:	a950rg	scope:	eq	version:	4.1.8cu.5241_b20210927	Trust: 1.0
vendor:	totolink	model:	a3000ru	scope:	eq	version:	4.1.8cu.5241_b20210927	Trust: 1.0
vendor:	totolink	model:	a3100r	scope:	eq	version:	4.1.8cu.5241_b20210927	Trust: 1.0
vendor:	totolink	model:	t10	scope:	eq	version:	4.1.8cu.5241_b20210927	Trust: 1.0
vendor:	totolink	model:	n600r	scope:	eq	version:	4.1.8cu.5241_b20210927	Trust: 1.0
vendor:	totolink	model:	a810r	scope:	eq	version:	4.1.8cu.5241_b20210927	Trust: 1.0
vendor:	totolink	model:	a800r	scope:	eq	version:	4.1.8cu.5241_b20210927	Trust: 1.0
vendor:	totolink	model:	a3100r	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	a800r	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	t10	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	n600r	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	a810r	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	a950rg	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	a3000ru	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2025-010277 // NVD: CVE-2025-4496

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-4496
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2025-4496
value:	CRITICAL
Trust: 1.0
OTHER:	JVNDB-2025-010277
value:	CRITICAL
Trust: 0.8

cna@vuldb.com:	CVE-2025-4496
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-010277
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

cna@vuldb.com:	CVE-2025-4496
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2025-4496
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2025-010277
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2025-010277 // NVD: CVE-2025-4496 // NVD: CVE-2025-4496

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	CWE-119	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Classic buffer overflow (CWE-120) [NVD evaluation ]	Trust: 0.8
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-010277 // NVD: CVE-2025-4496

EXTERNAL IDS

db:	NVD	id:	CVE-2025-4496	Trust: 2.6
db:	VULDB	id:	308212	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-010277	Trust: 0.8

sources: JVNDB: JVNDB-2025-010277 // NVD: CVE-2025-4496

REFERENCES

url:	https://vuldb.com/?id.308212	Trust: 1.8
url:	https://vuldb.com/?submit.567081	Trust: 1.8
url:	https://www.totolink.net/	Trust: 1.8
url:	https://vuldb.com/?ctiid.308212	Trust: 1.0
url:	https://github.com/ch13hh/tmp_store_cc/blob/main/tt/ta/1.md	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-4496	Trust: 0.8

sources: JVNDB: JVNDB-2025-010277 // NVD: CVE-2025-4496

SOURCES

db:	JVNDB	id:	JVNDB-2025-010277
db:	NVD	id:	CVE-2025-4496

LAST UPDATE DATE

2025-08-02T22:57:04.093000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2025-010277	date:	2025-07-30T09:02:00
db:	NVD	id:	CVE-2025-4496	date:	2025-07-29T14:42:19.960

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2025-010277	date:	2025-07-30T00:00:00
db:	NVD	id:	CVE-2025-4496	date:	2025-05-10T05:15:50.610