CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-28037

TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200903 were found to contain a pre-auth remote command execution vulnerability in the setDiagnosisCfg function through the ipDomain parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.029

EPSS Ranking 85.5%

CVSS Severity

CVSS v3 Score 9.8

References

https://locrian-lightning-dc7.notion.site/RCE3-1ad8e5e2b1a280e192e8cff9fef896cc
https://locrian-lightning-dc7.notion.site/RCE3-1ad8e5e2b1a280e192e8cff9fef896cc

Products affected by CVE-2025-28037

Totolink » A810r » Version: N/A

cpe:2.3:h:totolink:a810r:-
Totolink » A950rg » Version: N/A

cpe:2.3:h:totolink:a950rg:-
Totolink » A810r Firmware » Version: 4.1.2cu.5182_b20201026

cpe:2.3:o:totolink:a810r_firmware:4.1.2cu.5182_b20201026
Totolink » A950rg Firmware » Version: 4.1.2cu.5182_b20201026

cpe:2.3:o:totolink:a950rg_firmware:4.1.2cu.5182_b20201026

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-28037

Products

Pricing

Contact Us