TOTOLINK A3300R 17.0.0cu.557_B20221024 POST Parameter /cgi-bin/cstecgi.cgi setScheduleCfg recHour Pufferüberlauf

Hakika vulnerability da aka rarraba a matsayin kura an gano a TOTOLINK A3300R 17.0.0cu.557_B20221024. Tabbas, aikin setScheduleCfg ne ke da matsala; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburare $software_library, a cikin fayil /cgi-bin/cstecgi.cgi, a cikin sashi POST Parameter Handler. Wuro manipulation of the argument recHour ga Pufferüberlauf. Amfani da CWE wajen bayyana matsala yana kaiwa CWE-121. Lalle, rauni an sanar da shi 10/26/2025. Ana samun bayanin tsaro don saukewa a github.com. Ana kiran wannan rauni da CVE-2025-12259. Ngam yiɗi ka a tuma ndiyam ka nder layi. Bayani na fasaha ga. Kuma, akwai exploit. Exploit ɗin an bayyana wa jama'a, za a iya amfani da shi. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á yí huɗɗi-na-gaskiya. Za a iya samun exploit a github.com. 0-day ga, an ndiyam a wuro be $0-$5k. If you want to get best quality of vulnerability data, you may have to visit VulDB.

2 Goyarwa · 88 Datenpunkte

FurɗeSúgá
10/26/2025 06:42		Gargadi 1/1
10/27/2025 12:26
software_vendorTOTOLINKTOTOLINK
software_nameA3300RA3300R
software_version17.0.0cu.557_B2022102417.0.0cu.557_B20221024
software_componentPOST Parameter HandlerPOST Parameter Handler
software_file/cgi-bin/cstecgi.cgi/cgi-bin/cstecgi.cgi
software_functionsetScheduleCfgsetScheduleCfg
software_argumentrecHourrecHour
vulnerability_cweCWE-121 (Pufferüberlauf)CWE-121 (Pufferüberlauf)
vulnerability_risk22
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cHH
cvss3_vuldb_iHH
cvss3_vuldb_aHH
cvss3_vuldb_ePP
cvss3_vuldb_rcRR
advisory_urlhttps://github.com/noahze01/IoT-vulnerable/blob/main/TOTOLink/A3300R/setScheduleCfg.mdhttps://github.com/noahze01/IoT-vulnerable/blob/main/TOTOLink/A3300R/setScheduleCfg.md
exploit_availability11
exploit_publicity11
exploit_urlhttps://github.com/noahze01/IoT-vulnerable/blob/main/TOTOLink/A3300R/setScheduleCfg.mdhttps://github.com/noahze01/IoT-vulnerable/blob/main/TOTOLink/A3300R/setScheduleCfg.md
source_cveCVE-2025-12259CVE-2025-12259
cna_responsibleVulDBVulDB
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_ciCC
cvss2_vuldb_iiCC
cvss2_vuldb_aiCC
cvss2_vuldb_ePOCPOC
cvss2_vuldb_rcURUR
cvss4_vuldb_avNN
cvss4_vuldb_acLL
cvss4_vuldb_uiNN
cvss4_vuldb_vcHH
cvss4_vuldb_viHH
cvss4_vuldb_vaHH
cvss4_vuldb_ePP
cvss2_vuldb_auSS
cvss2_vuldb_rlNDND
cvss3_vuldb_prLL
cvss3_vuldb_rlXX
cvss4_vuldb_atNN
cvss4_vuldb_prLL
cvss4_vuldb_scNN
cvss4_vuldb_siNN
cvss4_vuldb_saNN
cvss2_vuldb_basescore9.09.0
cvss2_vuldb_tempscore7.77.7
cvss3_vuldb_basescore8.88.8
cvss3_vuldb_tempscore8.08.0
cvss3_meta_basescore8.88.8
cvss3_meta_tempscore8.08.4
cvss4_vuldb_bscore8.78.7
cvss4_vuldb_btscore7.47.4
advisory_date1761429600 (10/26/2025)1761429600 (10/26/2025)
price_0day$0-$5k$0-$5k
cve_nvd_summaryA flaw has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024. The affected element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. This manipulation of the argument recHour causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used.
cvss4_cna_avN
cvss4_cna_acL
cvss4_cna_atN
cvss4_cna_prL
cvss4_cna_uiN
cvss4_cna_vcH
cvss4_cna_viH
cvss4_cna_vaH
cvss4_cna_scN
cvss4_cna_siN
cvss4_cna_saN
cvss4_cna_bscore8.7
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prL
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cH
cvss3_cna_iH
cvss3_cna_aH
cvss3_cna_basescore8.8
cvss2_cna_avN
cvss2_cna_acL
cvss2_cna_auS
cvss2_cna_ciC
cvss2_cna_iiC
cvss2_cna_aiC
cvss2_cna_basescore9

GurɗoGumtiGada

Want to stay up to date on a daily basis?

Enable the mail alert feature now!