CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-4496

A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 42.1%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 9.0

References

Products affected by CVE-2025-4496

Totolink » A3000ru » Version: N/A

cpe:2.3:h:totolink:a3000ru:-
Totolink » A3100r » Version: N/A

cpe:2.3:h:totolink:a3100r:-
Totolink » A800r » Version: N/A

cpe:2.3:h:totolink:a800r:-
Totolink » A810r » Version: N/A

cpe:2.3:h:totolink:a810r:-
Totolink » A950rg » Version: N/A

cpe:2.3:h:totolink:a950rg:-
Totolink » N600r » Version: N/A

cpe:2.3:h:totolink:n600r:-
Totolink » T10 » Version: N/A

cpe:2.3:h:totolink:t10:-
Totolink » A3000ru Firmware » Version: 4.1.8cu.5241_b20210927

cpe:2.3:o:totolink:a3000ru_firmware:4.1.8cu.5241_b20210927
Totolink » A3100r Firmware » Version: 4.1.8cu.5241_b20210927

cpe:2.3:o:totolink:a3100r_firmware:4.1.8cu.5241_b20210927
Totolink » A800r Firmware » Version: 4.1.8cu.5241_b20210927

cpe:2.3:o:totolink:a800r_firmware:4.1.8cu.5241_b20210927
Totolink » A810r Firmware » Version: 4.1.8cu.5241_b20210927

cpe:2.3:o:totolink:a810r_firmware:4.1.8cu.5241_b20210927
Totolink » A950rg Firmware » Version: 4.1.8cu.5241_b20210927

cpe:2.3:o:totolink:a950rg_firmware:4.1.8cu.5241_b20210927
Totolink » N600r Firmware » Version: 4.1.8cu.5241_b20210927

cpe:2.3:o:totolink:n600r_firmware:4.1.8cu.5241_b20210927
Totolink » T10 Firmware » Version: 4.1.8cu.5241_b20210927

cpe:2.3:o:totolink:t10_firmware:4.1.8cu.5241_b20210927

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-4496

Products

Pricing

Contact Us