cnvd - cnvd-2025-23584

CNVD-2025-23584

Vulnerability from cnvd - Published: 2025-10-14

Title

TOTOLINK N600R /cgi-bin/cstecgi.cgi文件缓冲区溢出漏洞

Description

TOTOLINK N600R是韩国品牌TOTOLINK于2013年推出的双频无线路由器，支持2.4GHz和5GHz频段并发工作，最高无线传输速率为300Mbps。 TOTOLINK N600R存在缓冲区溢出漏洞，该漏洞源于文件/cgi-bin/cstecgi.cgi中参数wepkey未能正确验证输入数据的长度大小，攻击者可利用该漏洞在系统上执行任意代码或者导致拒绝服务。

Severity

高

Formal description

目前厂商尚未发布升级程序修复该安全问题，详情见厂商官网： https://www.totolink.net/

Reference

https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/TOTOLINK/wepkey/wepkey.md

Impacted products

Name
TOTOLINK N600R <=4.3.0cu.7866_B20220506

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-11444",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-11444"
    }
  },
  "description": "TOTOLINK N600R\u662f\u97e9\u56fd\u54c1\u724cTOTOLINK\u4e8e2013\u5e74\u63a8\u51fa\u7684\u53cc\u9891\u65e0\u7ebf\u8def\u7531\u5668\uff0c\u652f\u63012.4GHz\u548c5GHz\u9891\u6bb5\u5e76\u53d1\u5de5\u4f5c\uff0c\u6700\u9ad8\u65e0\u7ebf\u4f20\u8f93\u901f\u7387\u4e3a300Mbps\u3002\n\nTOTOLINK N600R\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u6587\u4ef6/cgi-bin/cstecgi.cgi\u4e2d\u53c2\u6570wepkey\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1\u8f93\u5165\u6570\u636e\u7684\u957f\u5ea6\u5927\u5c0f\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u8005\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5c1a\u672a\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51\uff1a\r\nhttps://www.totolink.net/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-23584",
  "openTime": "2025-10-14",
  "products": {
    "product": "TOTOLINK N600R \u003c=4.3.0cu.7866_B20220506"
  },
  "referenceLink": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/TOTOLINK/wepkey/wepkey.md",
  "serverity": "\u9ad8",
  "submitTime": "2025-10-13",
  "title": "TOTOLINK N600R /cgi-bin/cstecgi.cgi\u6587\u4ef6\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2025-11444 (GCVE-0-2025-11444)

Vulnerability from cvelistv5 – Published: 2025-10-08 08:02 – Updated: 2025-10-08 13:15

Summary

A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866_B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.cgi of the component HTTP Request Handler. Such manipulation of the argument wepkey leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

Severity ?

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

CWE

CWE-120 - Buffer Overflow
CWE-119 - Memory Corruption

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.327381	vdb-entrytechnical-description
	https://vuldb.com/?ctiid.327381	signaturepermissions-required
	https://vuldb.com/?submit.666915	third-party-advisory
	https://github.com/z472421519/BinaryAudit/blob/ma…	exploit
	https://github.com/z472421519/BinaryAudit/blob/ma…	exploit
	https://www.totolink.net/	product

Impacted products

	Vendor	Product	Version
	TOTOLINK	N600R	Affected: 4.3.0cu.7866_B20220506

Credits

z472421519 (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-11444",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-08T13:15:12.395734Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-08T13:15:16.782Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/TOTOLINK/wepkey/wepkey.md"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/TOTOLINK/wepkey/wepkey.md#reproduce"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "HTTP Request Handler"
          ],
          "product": "N600R",
          "vendor": "TOTOLINK",
          "versions": [
            {
              "status": "affected",
              "version": "4.3.0cu.7866_B20220506"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "z472421519 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866_B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.cgi of the component HTTP Request Handler. Such manipulation of the argument wepkey leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in TOTOLINK N600R up to 4.3.0cu.7866_B20220506 entdeckt. Betroffen ist die Funktion setWiFiBasicConfig der Datei /cgi-bin/cstecgi.cgi der Komponente HTTP Request Handler. Mittels dem Manipulieren des Arguments wepkey mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Ein Angriff ist aus der Distanz m\u00f6glich. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "Memory Corruption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-08T08:02:10.203Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-327381 | TOTOLINK N600R HTTP Request cstecgi.cgi setWiFiBasicConfig buffer overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.327381"
        },
        {
          "name": "VDB-327381 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.327381"
        },
        {
          "name": "Submit #666915 | TOTOLINK N600R firmware V4.3.0cu.7866_B20220506 Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.666915"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/TOTOLINK/wepkey/wepkey.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/TOTOLINK/wepkey/wepkey.md#reproduce"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.totolink.net/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-07T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-10-07T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-10-07T15:24:47.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "TOTOLINK N600R HTTP Request cstecgi.cgi setWiFiBasicConfig buffer overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-11444",
    "datePublished": "2025-10-08T08:02:10.203Z",
    "dateReserved": "2025-10-07T13:19:44.162Z",
    "dateUpdated": "2025-10-08T13:15:16.782Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2025-23584

CVE-2025-11444 (GCVE-0-2025-11444)

Tags

Sightings

Nomenclature