CVE 8.7 HIGH

TOTOLINK A3300R cstecgi.cgi setDdnsCfg buffer overflow_CVE-2025-12239

October 27, 2025 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in TOTOLINK A3300R 17.0.0cu.557_B20221024. The impacted element is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Executing manipulation can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be exploited.

AI Analysis

Buffer overflow vulnerability in TOTOLINK A3300R via the setDdnsCfg function in /cgi-bin/cstecgi.cgi, allowing remote exploitation.

Basic Information

ID CVE-2025-12239

Source VulDB

Published Oct 27, 2025 at 06:32

Affected Product

Vendor TOTOLINK

Product A3300R

Version 17.0.0cu.557_B20221024

Affected Versions TOTOLINK A3300R 17.0.0cu.557_B20221024

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor TOTOLINK

Product A3300R

Version 17.0.0cu.557_B20221024

References

{
    "lastseen": "",
    "description": "A weakness has been identified in TOTOLINK A3300R 17.0.0cu.557_B20221024. The impacted element is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Executing manipulation can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be exploited.",
    "published": "2025-10-27T06:32:10.266Z",
    "modified": "2025-10-27T06:32:10.266Z",
    "type": "cve",
    "title": "TOTOLINK A3300R cstecgi.cgi setDdnsCfg buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.329909\nhttps://vuldb.com/?ctiid.329909\nhttps://vuldb.com/?submit.673721\nhttps://github.com/noahze01/IoT-vulnerable/blob/main/TOTOLink/A3300R/setDdnsCfg.md\nhttps://www.totolink.net/",
    "id": "CVE-2025-12239",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "TOTOLINK A3300R 17.0.0cu.557_B20221024",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "A3300R",
    "version": "17.0.0cu.557_B20221024",
    "vendor": "TOTOLINK",
    "ai_description": "Buffer overflow vulnerability in TOTOLINK A3300R via the setDdnsCfg function in /cgi-bin/cstecgi.cgi, allowing remote exploitation.",
    "ai_severity": "High",
    "ai_vendor": "TOTOLINK",
    "ai_product": "A3300R",
    "ai_version": "17.0.0cu.557_B20221024",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply