[CVE-ID]

CVE-2025-28019

[PRODUCT]

TOTOLINK

[Vendor of Product]

https://www.totolink.net/

[VERSION]

V4.1.2cu.5137_B20200730

[Firmware]

https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/166/ids/36.html

image.png

[Vulnerability Type]

BufferOverflow

[Description]

TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in the downloadFile.cgi

v14 is the user input, and v3 retrieves the position of the '=' character in v14. Subsequently, strcpy is used to copy the substring after '=' into v25, which has a fixed size of 512 bytes. Since the program does not limit the copy size during the strcpy operation, this ultimately leads to a buffer overflow vulnerability.

image.png

[poc]