Vulnerability Description
A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866_B20220506. It affects the function setWiFiBasicConfig in the file /cgi-bin/cstecgi.cgi of the HTTP Request Handler component. Manipulating the wepkey argument leads to a buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be used.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Totolink | N600R Firmware | <= 4.3.0cu.7866_b2022506 |
| Totolink | N600R | - |
Related Weaknesses (CWE)
References
- https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/TOTOLINK/wepkey/wepkExploit (Third Party Advisory)
- https://vuldb.com/?ctiid.327381 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.327381 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.666915 (Third Party Advisory, VDB Entry)
- https://www.totolink.net/Product
FAQ
What is CVE-2025-11444?
CVE-2025-11444 is a vulnerability with a CVSS score of 8.8 (HIGH). A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866_B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.cgi of the component HTTP Request H...
How severe is CVE-2025-11444?
CVE-2025-11444 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-11444?
Check the references section above for vendor advisories and patch information. Affected products include: Totolink N600R Firmware, Totolink N600R.