[CVE-ID]

CVE-2025-28024

[PRODUCT]

TOTOLINK

[Vendor of Product]

https://www.totolink.net/

[VERSION]

V4.1.2cu.5182_B20201026

[Firmware]

https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/166/ids/36.html

[Vulnerability Type]

Buffer Overflow

[Description]

TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in cstecgi.cgi.

The V28 parameter is user-controlled. The code searches V28 for the string "CSAuthUrl=" and stores the position of the match in V27. The string at (V27 + 10), which is the text following the 10-character key, is then written into V33 via sprintf, which does not check the size of the destination buffer V33. If the string pointed to by (V27 + 10) is too long, the formatted output may exceed the capacity of V33, resulting in a buffer overflow.
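The pattern described above next to a bounds-checked form, as an added example that is not the vendor's code or taken from the firmware. The function names, the 64-byte buffer size, the "%s" format and the '&' value delimiter are assumptions; the advisory gives only the decompiler names V27, V28 and V33.

```c
#include <stdio.h>
#include <string.h>

#define KEY "CSAuthUrl="   /* 10 characters, hence the V27 + 10 in the advisory */
#define URL_BUF_LEN 64     /* assumed size; the advisory does not give V33's size */

/* Pattern from the description: no bound on the destination buffer. */
void extract_unsafe(const char *req, char *dst)
{
    const char *p = strstr(req, KEY);         /* V27 = strstr(V28, "CSAuthUrl=") */
    if (p)
        sprintf(dst, "%s", p + strlen(KEY));  /* overflows dst when the value is long */
}

/* Hardened form: 0 on success, -1 if the key is absent, -2 if the value does not fit. */
int extract_checked(const char *req, char *dst, size_t dst_len)
{
    const char *p;
    size_t n;

    if (!req || !dst || dst_len == 0)
        return -1;
    dst[0] = '\0';
    p = strstr(req, KEY);
    if (!p)
        return -1;
    p += strlen(KEY);
    n = strcspn(p, "&");   /* assumed: value ends at the next parameter or at NUL */
    if (n >= dst_len)
        return -2;         /* reject instead of truncating a URL silently */
    memcpy(dst, p, n);
    dst[n] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample input, not a captured request. */
    const char *req = "topicurl=x&CSAuthUrl=http://portal.example/login&id=1";
    char url[URL_BUF_LEN];
    int rc = extract_checked(req, url, sizeof url);

    printf("rc=%d url=%s\n", rc, url);
    return rc == 0 ? 0 : 1;
}
```

Rejecting an oversized value with a distinct return code lets the CGI handler answer with an error instead of continuing with a truncated URL.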

POC