CVE 9.8 CRITICAL

CVE-2025-67189_CVE-2025-67189

February 5, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

A buffer overflow vulnerability exists in the setParentalRules interface of TOTOLINK A950RG V4.1.2cu.5204_B20210112. The urlKeyword parameter is not properly validated, and the function concatenates multiple user-controlled fields into a fixed-size stack buffer without performing boundary checks. A remote attacker can exploit this flaw to cause denial of service or potentially achieve arbitrary code execution.

AI Analysis

Buffer overflow vulnerability in TOTOLINK A950RG setParentalRules interface

Basic Information

ID CVE-2025-67189

Source mitre

Published Feb 3, 2026 at 00:00

Modified Feb 5, 2026 at 14:36

Affected Product

Vendor TOTOLINK

Product A950RG

Version V4.1.2cu.5204_B20210112

Affected Versions n/a n/a n/a

CWE Classification

CWE-120

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor TOTOLINK

Product A950RG

Version V4.1.2cu.5204_B20210112

References

github.com /SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/ToTolink/A950RG/5024-setParentalRules-urlKeyWord-buffer.md

{
    "lastseen": "",
    "description": "A buffer overflow vulnerability exists in the setParentalRules interface of TOTOLINK A950RG V4.1.2cu.5204_B20210112. The urlKeyword parameter is not properly validated, and the function concatenates multiple user-controlled fields into a fixed-size stack buffer without performing boundary checks. A remote attacker can exploit this flaw to cause denial of service or potentially achieve arbitrary code execution.",
    "published": "2026-02-03T00:00:00.000Z",
    "modified": "2026-02-05T14:36:09.479Z",
    "type": "cve",
    "title": "CVE-2025-67189",
    "source": "mitre",
    "references": "https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/ToTolink/A950RG/5024-setParentalRules-urlKeyWord-buffer.md",
    "id": "CVE-2025-67189",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "A950RG",
    "version": "V4.1.2cu.5204_B20210112",
    "vendor": "TOTOLINK",
    "ai_description": "Buffer overflow vulnerability in TOTOLINK A950RG setParentalRules interface",
    "ai_severity": "Critical",
    "ai_vendor": "TOTOLINK",
    "ai_product": "A950RG",
    "ai_version": "V4.1.2cu.5204_B20210112",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply