CVE-2025-28033

TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpTo parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
mitreCNA
---
---
CISA-ADPADP
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
VendorProductVersion
totolinka800r_firmware
4.1.2cu.5137_b20200730:cu.5137_b20200730
totolinka810r_firmware
4.1.2cu.5182_b20201026:cu.5182_b20201026
totolinka830r_firmware
4.1.2cu.5182_b20201102:cu.5182_b20201102
totolinka950rg_firmware
4.1.2cu.5161_b20200903:cu.5161_b20200903
totolinka3000ru_firmware
5.9c.5185_b20201128:c.5185_b20201128
totolinka3100r_firmware
4.1.2cu.5247_b20211129:cu.5247_b20211129
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://locrian-lightning-dc7.notion.site/BufferOverflow7-1a98e5e2b1a280708d6ec6155ce88d8c
https://locrian-lightning-dc7.notion.site/CVE-2025-28033-BufferOverflow7-1a98e5e2b1a280708d6ec6155ce88d8c