CVE-2025-28026

CVSS 3.1 Score: 7.3 of 10 (high)

Details

Published: Apr 22, 2025
Updated: May 7, 2025
CWE ID: 121 (Stack-based Buffer Overflow)

Summary

CVE-2025-28026 is a buffer overflow vulnerability in the downloadFile.cgi component of TOTOLINK routers running firmware versions V4.1.2cu.5182_B20201102 (A830R V4), V4.1.2cu.5161_B20200903 (A950RG V4), V5.9c.5185_B20201128 (A3000RU V5.9), and V4.1.2cu.5247_B20211129 (A3100R V4). An attacker who can send specially crafted data to an affected device may trigger memory corruption and, potentially, arbitrary code execution with the privileges of the affected process. Left unaddressed, the flaw may lead to unauthorized access, data theft, or other malicious activity. Users are urged to upgrade to the latest available firmware version to mitigate the risk.
