CVE-2025-45797

TOTOlink A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the NoticeUrl parameter in the setNoticeCfg interface of /lib/cste_modules/system.so.
Configurations

Configuration 1

AND
cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5204_b20210112:*:*:*:*:*:*:*
cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:*

History

16 May 2025, 15:36

Type Values Removed Values Added
CPE cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:*
cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5204_b20210112:*:*:*:*:*:*:*
First Time Totolink
Totolink a950rg
Totolink a950rg Firmware
CVSS
  Removed: v2 : unknown, v3 : 6.5
  Added: v2 : unknown, v3 : 9.8
CWE CWE-787
References
  Removed: () https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/ToTolink/A950RG/5024-setNoticeCFG-NoticURL-buffer.md -
  Added: () https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/ToTolink/A950RG/5024-setNoticeCFG-NoticURL-buffer.md - Exploit

12 May 2025, 19:15

Type Values Removed Values Added
CWE CWE-121
CVSS
  Removed: v2 : unknown, v3 : unknown
  Added: v2 : unknown, v3 : 6.5

12 May 2025, 17:32

Type Values Removed Values Added
Summary
  • (es) TOTOlink A950RG V4.1.2cu.5204_B20210112 has a buffer overflow vulnerability. This vulnerability is due to incorrect validation of the NoticeUrl parameter in the setNoticeCfg interface of /lib/cste_modules/system.so.

08 May 2025, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-05-08 20:15

Updated : 2025-05-16 15:36


NVD link : CVE-2025-45797

Mitre link : CVE-2025-45797

CVE.ORG link : CVE-2025-45797


Products Affected

totolink

  • a950rg
  • a950rg_firmware
CWE
CWE-787

Out-of-bounds Write

CWE-121

Stack-based Buffer Overflow