[CVE-ID]

CVE-2025-28030

[PRODUCT]

TOTOLINK

[Vendor of Product]

https://www.totolink.net/

[VERSION]

V4.1.2cu.5182_B20201026

[Firmware]

https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/166/ids/36.html


[Vulnerability Type]

Buffer Overflow

[Description]

TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a stack overflow via the startTime and endTime parameters in the setParentalRules function.


Here startTime and endTime are user-controlled. Because sprintf copies v12 and v13 into v17 without any length check, a buffer overflow results; strcpy then copies v17 into v16, again without length validation, causing a second buffer overflow.
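To illustrate the fix pattern, the following is an added example (not TOTOLINK firmware code) of how the sprintf/strcpy pair described above would be written with bounded copies: the "HH:MM" field format, the buffer sizes and the function name build_parental_rule are all assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Assumed sizes; the real locals (v12, v13, v16, v17) and their sizes come
 * from the decompiled firmware and are not known here. */
#define TIME_FIELD_LEN 5   /* assumed format "HH:MM" */
#define RULE_BUF_LEN   32  /* stands in for the intermediate buffer (v17) */

/* Accept only exactly "HH:MM" with digits and in-range hour/minute values,
 * so the attacker-controlled strings can never exceed a fixed length. */
static int valid_time(const char *s)
{
    if (s == NULL || strlen(s) != TIME_FIELD_LEN) return 0;
    if (!isdigit((unsigned char)s[0]) || !isdigit((unsigned char)s[1]) ||
        s[2] != ':' ||
        !isdigit((unsigned char)s[3]) || !isdigit((unsigned char)s[4])) return 0;
    int hh = (s[0] - '0') * 10 + (s[1] - '0');
    int mm = (s[3] - '0') * 10 + (s[4] - '0');
    return hh < 24 && mm < 60;
}

/* Hardened equivalent of "sprintf(v17, ..., v12, v13); strcpy(v16, v17);":
 * validate first, format with snprintf bounded by the destination size,
 * detect truncation, and bound the second copy by dest_len as well.
 * Returns 0 on success, -1 if the input is rejected or would not fit. */
int build_parental_rule(const char *startTime, const char *endTime,
                        char *dest, size_t dest_len)
{
    char tmp[RULE_BUF_LEN];

    if (dest == NULL || !valid_time(startTime) || !valid_time(endTime))
        return -1;

    int n = snprintf(tmp, sizeof tmp, "%s-%s", startTime, endTime);
    if (n < 0 || (size_t)n >= sizeof tmp)
        return -1;                       /* output would have been truncated */

    size_t need = strlen(tmp) + 1;       /* include the terminator */
    if (need > dest_len)
        return -1;                       /* final buffer too small: refuse, don't overflow */
    memcpy(dest, tmp, need);
    return 0;
}
```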
