CVE-2025-11444

Sažetak

A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866_B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.cgi of the component HTTP Request Handler. Such manipulation of the argument wepkey leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

Reference

https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/TOTOLINK/wepkey/wepkey.md
https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/TOTOLINK/wepkey/wepkey.md#reproduce
https://vuldb.com/?ctiid.327381
https://vuldb.com/?id.327381
https://vuldb.com/?submit.666915
https://www.totolink.net/
https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/TOTOLINK/wepkey/wepkey.md
https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/TOTOLINK/wepkey/wepkey.md#reproduce

CVSS

Base:	9.0
Impact:	10.0
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

14-10-2025 - 20:16

Objavljeno

08-10-2025 - 08:15