TOTOLINK A720R cstecgi.cgi setParentalRules buffer overflow_CVE-2025-9303

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in TOTOLINK A720R 4.1.5cu.630_B20250509. This issue affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument desc results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.

Basic Information

ID CVE-2025-9303

Source VulDB

Published Aug 21, 2025 at 14:32

Affected Product

Vendor TOTOLINK

Product A720R

Version 4.1.5cu.630_B20250509

Affected Versions TOTOLINK A720R 4.1.5cu.630_B20250509

CWE Classification

CWE-120 CWE-119

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in TOTOLINK A720R 4.1.5cu.630_B20250509. This issue affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument desc results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.",
    "published": "2025-08-21T14:32:07.463Z",
    "modified": "2025-08-21T14:32:07.463Z",
    "type": "cve",
    "title": "TOTOLINK A720R cstecgi.cgi setParentalRules buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.320908\nhttps://vuldb.com/?ctiid.320908\nhttps://vuldb.com/?submit.632410\nhttps://github.com/lin-3-start/lin-cve/blob/main/TOTOLINK%20A720R/TOTOLINK-A720R.md\nhttps://github.com/lin-3-start/lin-cve/blob/main/TOTOLINK%20A720R/TOTOLINK-A720R.md#poc\nhttps://www.totolink.net/",
    "id": "CVE-2025-9303",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "TOTOLINK A720R 4.1.5cu.630_B20250509",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "A720R",
    "version": "4.1.5cu.630_B20250509",
    "vendor": "TOTOLINK",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}