ID

VAR-202508-2065


CVE

CVE-2025-9303


TITLE

Buffer error vulnerability in TOTOLINK A720R firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-015601

DESCRIPTION

A security flaw has been discovered in TOTOLINK A720R 4.1.5cu.630_B20250509. This issue affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. Manipulating the argument desc results in a buffer overflow. The attack can be carried out remotely. The exploit has been released to the public and may be exploited.

TOTOLINK A720R firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

The TOTOLINK A702R is a wireless router manufactured by the Chinese company TOTOLINK, primarily used for home network connectivity and signal coverage. The TOTOLINK A702R suffers from a buffer overflow vulnerability caused by a failure to properly validate the length of input data in the desc parameter. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service.

Trust: 2.16

sources: NVD: CVE-2025-9303 // JVNDB: JVNDB-2025-015601 // CNVD: CNVD-2025-20793

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-20793

AFFECTED PRODUCTS

vendor: totolink, model: a720r, scope: eq, version: 4.1.5cu.630_b20250509

Trust: 1.0

vendor: totolink, model: a720r, scope: eq, version: a720r firmware 4.1.5cu.630 b20250509

Trust: 0.8

vendor: totolink, model: a720r, scope: -, version: -

Trust: 0.8

vendor: totolink, model: a720r, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: a720r 4.1.5cu.630 b20250509, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-20793 // JVNDB: JVNDB-2025-015601 // NVD: CVE-2025-9303

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-9303
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2025-9303
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2025-015601
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-20793
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2025-9303
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-015601
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-20793
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-9303
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-9303
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-015601
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-20793 // JVNDB: JVNDB-2025-015601 // NVD: CVE-2025-9303 // NVD: CVE-2025-9303

PROBLEMTYPE DATA

problemtype: CWE-120

Trust: 1.0

problemtype: CWE-119

Trust: 1.0

problemtype: Buffer error (CWE-119) [others]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [others]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2025-015601 // NVD: CVE-2025-9303

EXTERNAL IDS

db: NVD, id: CVE-2025-9303

Trust: 3.2

db: VULDB, id: 320908

Trust: 1.8

db: JVNDB, id: JVNDB-2025-015601

Trust: 0.8

db: CNVD, id: CNVD-2025-20793

Trust: 0.6

sources: CNVD: CNVD-2025-20793 // JVNDB: JVNDB-2025-015601 // NVD: CVE-2025-9303

REFERENCES

url:https://github.com/lin-3-start/lin-cve/blob/main/totolink%20a720r/totolink-a720r.md

Trust: 1.8

url:https://github.com/lin-3-start/lin-cve/blob/main/totolink%20a720r/totolink-a720r.md#poc

Trust: 1.8

url:https://vuldb.com/?id.320908

Trust: 1.8

url:https://vuldb.com/?submit.632410

Trust: 1.8

url:https://www.totolink.net/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2025-9303

Trust: 1.4

url:https://vuldb.com/?ctiid.320908

Trust: 1.0

sources: CNVD: CNVD-2025-20793 // JVNDB: JVNDB-2025-015601 // NVD: CVE-2025-9303

SOURCES

db: CNVD, id: CNVD-2025-20793
db: JVNDB, id: JVNDB-2025-015601
db: NVD, id: CVE-2025-9303

LAST UPDATE DATE

2025-10-12T23:01:13.743000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-20793, date: 2025-09-09T00:00:00
db: JVNDB, id: JVNDB-2025-015601, date: 2025-10-10T01:07:00
db: NVD, id: CVE-2025-9303, date: 2025-10-06T18:48:16.970

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-20793, date: 2025-09-08T00:00:00
db: JVNDB, id: JVNDB-2025-015601, date: 2025-10-10T00:00:00
db: NVD, id: CVE-2025-9303, date: 2025-08-21T15:15:37.067