CVE Alert: CVE-2025-12240 – TOTOLINK – A3300R
CVE-2025-12240
A security vulnerability has been detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
AI Summary Analysis
Risk verdict
High risk: the flaw enables remote code execution with low preconditions and a publicly available exploit, demanding urgent remediation on affected devices.
Why this matters
Exploitation could give an attacker full control of the router, altering DMZ settings, pivoting to connected hosts, or expanding access within the network. For businesses relying on TOTOLINK A3300R as a gateway, the impact includes data exposure, service disruption, and potential repurposing of the device as a foothold for further intrusions.
Most likely attack path
An attacker can reach the cstecgi.cgi endpoint over the network, with low complexity and no user interaction required. The vulnerability involves a buffer overflow via the ip parameter, enabling remote arbitrary code execution with at least low privileges. Given the high impact on confidentiality, integrity and availability, successful exploitation could enable lasting control of the device and lateral movement within the LAN.
Who is most exposed
Devices deployed as consumer/SMB gateways with web management exposed (WAN or LAN) are most at risk, especially when remote administration is enabled or poorly segmented from critical networks.
Detection ideas
- Unusual requests to /cgi-bin/cstecgi.cgi with crafted ip values
- Repeated device reboots or memory-related crash logs after specific requests
- High CPU/memory spikes coincident with DMZ configuration attempts
- Anomalous DMZ changes or unexpected traffic to internal hosts
- IoT/SIEM signatures indicating exploitation attempts against this endpoint
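The first two detection ideas can be scripted against ordinary web access logs. The following is an added example, not part of the original alert or of any TOTOLINK tooling: it parses Common Log Format lines, keeps only requests to /cgi-bin/cstecgi.cgi, and flags any whose `ip` argument is not a plain IPv4 dotted-quad (the only shape a DMZ host address should ever have), any that reach the management endpoint from outside trusted networks, and any that end in a 5xx (a possible crash). The log layout, the hypothetical `func` query parameter carrying the function name, the trusted-network list, and every address and timestamp are constructed assumptions for this example.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint named in the advisory.
TARGET_PATH = "/cgi-bin/cstecgi.cgi"

# Assumption: management is only legitimate from these LAN ranges; tune per site.
TRUSTED_MGMT_NETS = [
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("10.0.0.0/8"),
]

# Constructed sample log lines (Common Log Format). The logging layer that records
# the function name as a hypothetical `func` query parameter and the DMZ address
# as `ip` is an assumption; addresses and timestamps are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Nov/2025:10:01:02 +0000] "POST /cgi-bin/cstecgi.cgi?func=setDmzCfg&ip=192.168.0.50 HTTP/1.1" 200 120
192.168.0.2 - - [12/Nov/2025:10:01:05 +0000] "GET /login.html HTTP/1.1" 200 3045
203.0.113.7 - - [12/Nov/2025:10:01:09 +0000] "POST /cgi-bin/cstecgi.cgi?func=setDmzCfg&ip=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.1" 500 0
192.168.0.2 - - [12/Nov/2025:10:02:11 +0000] "POST /cgi-bin/cstecgi.cgi?func=setDmzCfg&ip=10.0.0.1%3B HTTP/1.1" 200 120
192.168.0.2 - - [12/Nov/2025:10:03:40 +0000] "POST /cgi-bin/cstecgi.cgi?func=setDmzCfg&ip=192.168.0.60 HTTP/1.1" 200 120
"""

CLF_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)$'
)


def parse_log_line(line):
    """Parse one CLF line into a dict; split the request target into path and params."""
    m = CLF_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # parse_qs percent-decodes values, so encoded junk is inspected in decoded form.
    rec["params"] = parse_qs(parts.query, keep_blank_values=True)
    return rec


def is_plain_ipv4(value):
    """True only for a syntactically valid dotted-quad IPv4 address."""
    try:
        ipaddress.IPv4Address(value)
    except ValueError:
        return False
    return True


def triage(log_text, trusted_nets=TRUSTED_MGMT_NETS):
    """Return a list of findings for suspicious requests to the cstecgi.cgi endpoint."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec is None or rec["path"] != TARGET_PATH:
            continue
        reasons = []
        # Detection idea 1: the ip argument should only ever be a dotted-quad address.
        for value in rec["params"].get("ip", []):
            if not is_plain_ipv4(value):
                reasons.append(f"non-IPv4 ip argument ({len(value)} bytes)")
        # Exposure check: management endpoint reached from outside trusted networks.
        try:
            src = ipaddress.ip_address(rec["src"])
            if not any(src in net for net in trusted_nets):
                reasons.append("management endpoint reached from outside trusted networks")
        except ValueError:
            reasons.append("unparseable source address")
        # Detection idea 2: a server error right after the request can indicate a crash.
        if rec["status"].startswith("5"):
            reasons.append("server error after request (possible crash)")
        if reasons:
            findings.append(
                {"src": rec["src"], "ts": rec["ts"], "status": rec["status"], "reasons": reasons}
            )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["ts"], f["src"], f["status"], "; ".join(f["reasons"]))
```

Feed a real log to `triage(open(path).read())` and adjust `TRUSTED_MGMT_NETS` to the site's management VLAN. The non-IPv4 check is cheap and high-signal because the parameter has no legitimate reason to carry anything but a LAN host address; the source-network check catches the "remote administration exposed" condition the exposure section describes even when the request itself looks benign.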
Mitigation and prioritisation
- Apply the latest firmware patch for TOTOLINK A3300R (17.0.0cu.557_B20221024 or newer) immediately.
- If patching is not feasible, disable or tightly restrict remote management (WAN admin access) and enforce network segmentation for management interfaces.
- Block or constrain access to /cgi-bin/cstecgi.cgi at the network edge; implement strict ACLs and monitor for related probes.
- Enable in-depth monitoring: IDS/IPS signatures for this CVE; capture and investigate any DMZ configuration changes.
- Coordinate a change window and verify post-patch stability; reassess risk level once patch status is confirmed.