Vulnerability Description
A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Totolink | A3000Ru Firmware | 4.1.8cu.5241_b20210927 |
| Totolink | A3000Ru | - |
| Totolink | A810R Firmware | 4.1.8cu.5241_b20210927 |
| Totolink | A810R | - |
| Totolink | T10 Firmware | 4.1.8cu.5241_b20210927 |
| Totolink | T10 | - |
| Totolink | A3100R Firmware | 4.1.8cu.5241_b20210927 |
| Totolink | A3100R | - |
| Totolink | A950Rg Firmware | 4.1.8cu.5241_b20210927 |
| Totolink | A950Rg | - |
| Totolink | A800R Firmware | 4.1.8cu.5241_b20210927 |
| Totolink | A800R | - |
| Totolink | N600R Firmware | 4.1.8cu.5241_b20210927 |
| Totolink | N600R | - |
Related Weaknesses (CWE)
References
- https://github.com/CH13hh/tmp_store_cc/blob/main/tt/ta/1.mdBroken Link
- https://vuldb.com/?ctiid.308212Permissions RequiredVDB Entry
- https://vuldb.com/?id.308212Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.567081Third Party AdvisoryVDB Entry
- https://www.totolink.net/Product
- https://github.com/CH13hh/tmp_store_cc/blob/main/tt/ta/1.mdBroken Link
FAQ
What is CVE-2025-4496?
CVE-2025-4496 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunu...
How severe is CVE-2025-4496?
CVE-2025-4496 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-4496?
Check the references section above for vendor advisories and patch information. Affected products include: Totolink A3000Ru Firmware, Totolink A3000Ru, Totolink A810R Firmware, Totolink A810R, Totolink T10 Firmware.