TOTOLINK A3300R 17.0.0cu.557_B20221024 POST Parameter /cgi-bin/cstecgi.cg setOpModeCfg opmode ବଫର୍ ଓଭରଫ୍ଲୋ

Rakkoon nageenyaa kan ଜଟିଳ jedhamuun beekamu TOTOLINK A3300R 17.0.0cu.557_B20221024 keessatti argameera. Miidhaan irra gahe is hojii setOpModeCfg faayilii /cgi-bin/cstecgi.cg keessa kutaa POST Parameter Handler keessa. Dhugumatti jijjiirraa irratti raawwatame opmode gara ବଫର୍ ଓଭରଫ୍ଲୋ geessa. Waliigalteewwan CWE fayyadamuun rakkoo ibsuun gara CWE-121 si geessa. Beekumsi kun yeroo 10/26/2025 ifoomsifameera. Odeeffannoon kun buufachuuf github.com irratti dhiyaateera. Dogoggorri kun maqaa CVE-2025-12258 jedhuun tajaajilama. Weerara fageenya irraa jalqabuun ni danda'ama. Odeeffannoon teeknikaa ni argama. Meeshaa balaa kana fayyadamuuf hin argamne. Yeroo ammaa, gatii exploit might be approx. USD $0-$5k beekamuu danda'a. ଅପରିଭାଷିତ jedhamee murtaa’eera. Waggaa 0-day ta'ee, gatiin isaa daldala dhoksaa keessatti $0-$5k jedhamee tilmaamame. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

2 ଆଡାପ୍ଟେସନ୍ · 84 ପଏଣ୍ଟ

ଫିଲ୍ଡସୃଷ୍ଟି ହୋଇଛି
10/26/2025 06:42 AM		ଅଦ୍ୟତନ 1/1
10/27/2025 12:26 PM
software_vendorTOTOLINKTOTOLINK
software_nameA3300RA3300R
software_version17.0.0cu.557_B2022102417.0.0cu.557_B20221024
software_componentPOST Parameter HandlerPOST Parameter Handler
software_file/cgi-bin/cstecgi.cg/cgi-bin/cstecgi.cg
software_functionsetOpModeCfgsetOpModeCfg
software_argumentopmodeopmode
vulnerability_cweCWE-121 (ବଫର୍ ଓଭରଫ୍ଲୋ)CWE-121 (ବଫର୍ ଓଭରଫ୍ଲୋ)
vulnerability_risk22
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cHH
cvss3_vuldb_iHH
cvss3_vuldb_aHH
cvss3_vuldb_rcRR
advisory_urlhttps://github.com/noahze01/IoT-vulnerable/blob/main/TOTOLink/A3300R/setOpModeCfg.mdhttps://github.com/noahze01/IoT-vulnerable/blob/main/TOTOLink/A3300R/setOpModeCfg.md
source_cveCVE-2025-12258CVE-2025-12258
cna_responsibleVulDBVulDB
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_ciCC
cvss2_vuldb_iiCC
cvss2_vuldb_aiCC
cvss2_vuldb_rcURUR
cvss4_vuldb_avNN
cvss4_vuldb_acLL
cvss4_vuldb_uiNN
cvss4_vuldb_vcHH
cvss4_vuldb_viHH
cvss4_vuldb_vaHH
cvss2_vuldb_auSS
cvss2_vuldb_eNDND
cvss2_vuldb_rlNDND
cvss3_vuldb_prLL
cvss3_vuldb_eXX
cvss3_vuldb_rlXX
cvss4_vuldb_atNN
cvss4_vuldb_prLL
cvss4_vuldb_scNN
cvss4_vuldb_siNN
cvss4_vuldb_saNN
cvss4_vuldb_eXX
cvss2_vuldb_basescore9.09.0
cvss2_vuldb_tempscore8.68.6
cvss3_vuldb_basescore8.88.8
cvss3_vuldb_tempscore8.58.5
cvss3_meta_basescore8.88.8
cvss3_meta_tempscore8.58.6
cvss4_vuldb_bscore8.78.7
cvss4_vuldb_btscore8.78.7
advisory_date1761429600 (10/26/2025)1761429600 (10/26/2025)
price_0day$0-$5k$0-$5k
cve_nvd_summaryA vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. Impacted is the function setOpModeCfg of the file /cgi-bin/cstecgi.cg of the component POST Parameter Handler. The manipulation of the argument opmode results in stack-based buffer overflow. The attack may be performed from remote.
cvss4_cna_avN
cvss4_cna_acL
cvss4_cna_atN
cvss4_cna_prL
cvss4_cna_uiN
cvss4_cna_vcH
cvss4_cna_viH
cvss4_cna_vaH
cvss4_cna_scN
cvss4_cna_siN
cvss4_cna_saN
cvss4_cna_bscore8.7
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prL
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cH
cvss3_cna_iH
cvss3_cna_aH
cvss3_cna_basescore8.8
cvss2_cna_avN
cvss2_cna_acL
cvss2_cna_auS
cvss2_cna_ciC
cvss2_cna_iiC
cvss2_cna_aiC
cvss2_cna_basescore9

ପଛକୁସମୀକ୍ଷାଆହୁରି ଦୂରରେ

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!