A security flaw has been discovered in TOTOLINK A720R 4.1.5cu.630_B20250509. This issue affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument desc results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
| Link | Tags |
|---|---|
| https://vuldb.com/?id.320908 | vdb entry technical description |
| https://vuldb.com/?ctiid.320908 | permissions required signature |
| https://vuldb.com/?submit.632410 | third party advisory |
| https://github.com/lin-3-start/lin-cve/blob/main/TOTOLINK%20A720R/TOTOLINK-A720R.md | related |
| https://github.com/lin-3-start/lin-cve/blob/main/TOTOLINK%20A720R/TOTOLINK-A720R.md#poc | exploit |
| https://www.totolink.net/ | product |