CVE 8.7 HIGH

TOTOLINK A3300R cstecgi.cgi setDmzCfg buffer overflow_CVE-2025-12240

October 27, 2025 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.

AI Analysis

Buffer overflow vulnerability in TOTOLINK A3300R via the setDmzCfg function in /cgi-bin/cstecgi.cgi, allowing remote exploitation.

Basic Information

ID CVE-2025-12240

Source VulDB

Published Oct 27, 2025 at 06:32

Affected Product

Vendor TOTOLINK

Product A3300R

Version 17.0.0cu.557_B20221024

Affected Versions TOTOLINK A3300R 17.0.0cu.557_B20221024

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor TOTOLINK

Product A3300R

Version 17.0.0cu.557_B20221024

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.",
    "published": "2025-10-27T06:32:14.914Z",
    "modified": "2025-10-27T06:32:14.914Z",
    "type": "cve",
    "title": "TOTOLINK A3300R cstecgi.cgi setDmzCfg buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.329910\nhttps://vuldb.com/?ctiid.329910\nhttps://vuldb.com/?submit.673722\nhttps://github.com/noahze01/IoT-vulnerable/blob/main/TOTOLink/A3300R/setDmzCfg.md\nhttps://www.totolink.net/",
    "id": "CVE-2025-12240",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "TOTOLINK A3300R 17.0.0cu.557_B20221024",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "A3300R",
    "version": "17.0.0cu.557_B20221024",
    "vendor": "TOTOLINK",
    "ai_description": "Buffer overflow vulnerability in TOTOLINK A3300R via the setDmzCfg function in /cgi-bin/cstecgi.cgi, allowing remote exploitation.",
    "ai_severity": "High",
    "ai_vendor": "TOTOLINK",
    "ai_product": "A3300R",
    "ai_version": "17.0.0cu.557_B20221024",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply