CVE-2025-9303

A security flaw has been discovered in TOTOLINK A720R 4.1.5cu.630_B20250509. This issue affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument desc results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VulDBCNA
8.8 HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
Common Weakness Enumeration
References
https://github.com/lin-3-start/lin-cve/blob/main/TOTOLINK%20A720R/TOTOLINK-A720R.md
https://github.com/lin-3-start/lin-cve/blob/main/TOTOLINK%20A720R/TOTOLINK-A720R.md#poc
https://vuldb.com/?ctiid.320908
https://vuldb.com/?id.320908
https://vuldb.com/?submit.632410
https://www.totolink.net/