TOTOLINK N600R HTTP Request cstecgi.cgi setWiFiBasicConfig buffer overflow_CVE-2025-11444

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866_B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.cgi of the component HTTP Request Handler. Such manipulation of the argument wepkey leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

Basic Information

ID CVE-2025-11444

Source VulDB

Published Oct 8, 2025 at 08:02

Affected Product

Vendor TOTOLINK

Product N600R

Version 4.3.0cu.7866_B20220506

Affected Versions TOTOLINK N600R 4.3.0cu.7866_B20220506

CWE Classification

CWE-120 CWE-119

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866_B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.cgi of the component HTTP Request Handler. Such manipulation of the argument wepkey leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.",
    "published": "2025-10-08T08:02:10.203Z",
    "modified": "2025-10-08T08:02:10.203Z",
    "type": "cve",
    "title": "TOTOLINK N600R HTTP Request cstecgi.cgi setWiFiBasicConfig buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.327381\nhttps://vuldb.com/?ctiid.327381\nhttps://vuldb.com/?submit.666915\nhttps://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/TOTOLINK/wepkey/wepkey.md\nhttps://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/TOTOLINK/wepkey/wepkey.md#reproduce\nhttps://www.totolink.net/",
    "id": "CVE-2025-11444",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "TOTOLINK N600R 4.3.0cu.7866_B20220506",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "N600R",
    "version": "4.3.0cu.7866_B20220506",
    "vendor": "TOTOLINK",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}