Published: 10/05/2025 Updated: 12/05/2025

Critical Buffer Overflow in TOTOLINK Router Models via Remote CloudACMunualUpdate

A critical vulnerability exists in multiple TOTOLINK router models, including T10, A3100R, A950RG, A800R, N600R, A3000RU, and A810R running firmware version 4.1.8cu.5241_B20210927. The vulnerability is in the CloudACMunualUpdate function within the /cgi-bin/cstecgi.cgi file. By manipulating the FileName argument, an attacker can trigger a buffer overflow. This vulnerability can be exploited remotely, and since the exploit details have been made public, there is a potential risk of active attacks against these router models.

Vulnerable Product	Search on Vulmon	Subscribe to Product
totolink t10
totolink a3100r
totolink a950rg
totolink a800r
totolink n600r
totolink a3000ru
totolink a810r

CWE-119 CWE-120 https://nvd.nist.gov https://www.first.org/epss https://github.com/CH13hh/tmp_store_cc/blob/main/tt/ta/1.md https://vuldb.com/?ctiid.308212 https://vuldb.com/?id.308212 https://vuldb.com/?submit.567081 https://www.totolink.net/https://github.com/CH13hh/tmp_store_cc/blob/main/tt/ta/1.md

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2025-4496

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect