[CVE-ID]

CVE-2025-28018

[PRODUCT]

TOTOLINK

[Vendor of Product]

https://www.totolink.net/

[VERSION]

V4.1.2cu.5137_B20200730

[Firmware]

https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/166/ids/36.html


[Vulnerability Type]

BufferOverflow

[Description]

TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi.

The v14 parameter is user-controllable and is subsequently copied into the v24 buffer via the sprintf function. Because no size check is applied during this copy, an overlong value overflows v24, which leads to a buffer overflow vulnerability.
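As an added illustration (not code from the advisory or from the vendor's firmware), the unchecked sprintf pattern described above is shown beside a hardened form that bounds the write with snprintf and rejects oversized input; the buffer size, format string, path and function names are assumptions, since the advisory only gives the decompiler names v14 and v24.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical buffer size and format string; the advisory does not give the
 * real ones used by downloadFile.cgi, so these are assumptions. */
#define PATH_BUF_SIZE 64
#define PATH_FMT "/tmp/download/%s"

/* The pattern the advisory describes: a request parameter is formatted into a
 * fixed-size buffer with sprintf, which never checks the destination size.
 * Kept only for contrast; the checks below never call it. */
void build_path_unsafe(const char *filename, char *out /* PATH_BUF_SIZE */)
{
    sprintf(out, PATH_FMT, filename); /* writes past 'out' if filename is long */
}

/* Hardened form: snprintf bounds the write and returns the length the full
 * string needed, so an oversized input is detected and rejected instead of
 * being silently truncated or written past the buffer. */
int build_path_safe(const char *filename, char *out, size_t out_size)
{
    int needed;
    if (filename == NULL || out == NULL || out_size == 0)
        return -1;
    needed = snprintf(out, out_size, PATH_FMT, filename);
    if (needed < 0 || (size_t)needed >= out_size) {
        out[0] = '\0'; /* do not leave a truncated path behind */
        return -1;     /* would have overflowed: reject the request */
    }
    return 0;
}

/* Self-checks with constructed inputs: a normal name and a 199-byte name. */
int check_short_name_ok(void)
{
    char buf[PATH_BUF_SIZE];
    return build_path_safe("index.html", buf, sizeof buf) == 0
        && strcmp(buf, "/tmp/download/index.html") == 0;
}

int check_long_name_rejected(void)
{
    char buf[PATH_BUF_SIZE];
    char longname[200];
    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';
    return build_path_safe(longname, buf, sizeof buf) == -1 && buf[0] == '\0';
}
```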
