CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-28138

The TOTOLINK A800R V4.1.2cu.5137_B20200730 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.046

EPSS Ranking 88.7%

CVSS Severity

CVSS v3 Score 9.8

References

https://github.com/Zerone0x00/CVE/blob/main/TOTOLINK/CVE-2025-28138.md
https://sudsy-eyeliner-a59.notion.site/RCE2-1ac72b8cd95f8055a76ee0ca262aac1a?pvs=4
https://sudsy-eyeliner-a59.notion.site/RCE2-1ac72b8cd95f8055a76ee0ca262aac1a?pvs=4

Products affected by CVE-2025-28138

Totolink » A800r » Version: N/A

cpe:2.3:h:totolink:a800r:-
Totolink » A800r Firmware » Version: 4.1.2cu.5137_b20200730

cpe:2.3:o:totolink:a800r_firmware:4.1.2cu.5137_b20200730

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-28138

Products

Pricing

Contact Us