CVE Alert: CVE-2025-12258 – TOTOLINK – A3300R

CVE-2025-12258

HIGH
No exploitation known

A vulnerability was detected in TOTOLINK A3300R firmware 17.0.0cu.557_B20221024. The affected code is the function setOpModeCfg in the file /cgi-bin/cstecgi.cg, part of the POST Parameter Handler. Manipulating the opmode argument causes a stack-based buffer overflow (CWE-121). The attack can be carried out remotely over the network; the vector records that low privileges are required (PR:L) and that no user interaction is needed.

CVSS v3.1 (8.8)
Vendor
TOTOLINK
Product
A3300R
Versions
17.0.0cu.557_B20221024
CWE
CWE-121, Stack-based Buffer Overflow
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R
Published
2025-10-27T09:32:11.829Z
Updated
2025-10-27T13:23:42.434Z

AI Summary Analysis

Risk verdict

High risk (CVSS 8.8): a stack-based buffer overflow reachable over the network through a crafted POST parameter, with high confidentiality, integrity and availability impact. Stack overflows of this kind in router CGI handlers typically allow code execution on the device.

Why this matters

If exploited, an attacker holding low-privilege credentials for the web interface (the vector specifies PR:L) could take control of the device, disable or bypass its security functions, and pivot onto the internal network. The impact is total compromise of confidentiality, integrity and availability for the device, with potential data exposure and further network compromise.

Most likely attack path

The attack is a remote POST to the CGI endpoint carrying an oversized or malformed opmode value; no user interaction is needed. The vector requires low privileges (PR:L), so the attacker needs working credentials for the web interface, which on home routers are often default or weak; where that holds, automated, mass exploitation is feasible. A successful overflow corrupts the stack frame of the CGI handler: at minimum it crashes the process, and with a controlled payload it can redirect execution.

Who is most exposed

Devices with internet-facing or broadly reachable management interfaces are at greatest risk, especially small office/home routers or similar appliances with exposed CGI endpoints and default or weak access controls.

Detection ideas

  • Inspect POST requests to /cgi-bin/cstecgi.cg (the path as given in the advisory) whose opmode parameter is unusually long or contains non-printable or non-alphanumeric bytes; legitimate values for a mode setting are short tokens.
  • Monitor for device crashes, reboots, or memory/stack traces tied to the affected CGI path.
  • Watch for unusual spikes in CPU or memory usage by the device's web management process.
  • Treat repeated failed or abnormal authentication attempts on the web interface as a precursor: the vector requires low privileges (PR:L), so credential guessing or default-credential use would precede the overflow.
  • Check logs for memory corruption events or segfaults in the CGI subsystem.
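The first detection idea above can be turned into a filter that runs over parsed HTTP requests from a reverse proxy, IDS or packet capture. The script below is an added example, not code from the alert or from TOTOLINK. It matches the endpoint on the /cgi-bin/cstecgi prefix exactly as the page spells the path, and looks for the opmode parameter. Everything else is an assumption made here: that the parameter arrives in the POST body either as a JSON object or as a url-encoded form, that legitimate values are short alphanumeric tokens (the 32-byte threshold), and the sample traffic, which is constructed rather than captured.

```python
"""Flag suspicious POSTs to the TOTOLINK CGI handler (added example).

Input: parsed HTTP requests as (method, path, body) tuples. The endpoint
prefix and parameter name come from the advisory; the body encodings,
the length threshold and the allowed character set are assumptions.
"""
import json
import string
from urllib.parse import parse_qs

CGI_PREFIX = "/cgi-bin/cstecgi"   # path prefix as given on the page
PARAM = "opmode"
MAX_OPMODE_LEN = 32                # assumption: real mode values are short tokens
ALLOWED = set(string.ascii_letters + string.digits + "_-")


def extract_opmode(body: bytes) -> list[str]:
    """Return every opmode value found in the body, whether the body is a
    JSON object or a url-encoded form. Returns [] if absent or unparseable."""
    text = body.decode("utf-8", errors="replace")
    # JSON body, assumed shape {"opmode": "..."} possibly with other keys.
    try:
        obj = json.loads(text)
        if isinstance(obj, dict) and PARAM in obj:
            return [str(obj[PARAM])]
        return []
    except ValueError:
        pass
    # Form body: opmode=...&other=...
    return parse_qs(text, keep_blank_values=True).get(PARAM, [])


def classify(method: str, path: str, body: bytes) -> list[str]:
    """Return the reasons a request looks like an attempt against the opmode
    handler; an empty list means nothing suspicious was seen."""
    if method.upper() != "POST" or not path.startswith(CGI_PREFIX):
        return []
    reasons = []
    for value in extract_opmode(body):
        if len(value) > MAX_OPMODE_LEN:
            reasons.append(f"opmode length {len(value)} > {MAX_OPMODE_LEN}")
        if any(ch not in ALLOWED for ch in value):
            reasons.append("opmode contains characters outside [A-Za-z0-9_-]")
    return reasons


def scan(requests: list[tuple[str, str, bytes]]) -> list[tuple[int, list[str]]]:
    """Run classify over a batch; return (index, reasons) for each hit."""
    hits = []
    for i, (method, path, body) in enumerate(requests):
        reasons = classify(method, path, body)
        if reasons:
            hits.append((i, reasons))
    return hits


# Constructed sample traffic; not captured from a real device.
SAMPLE = [
    ("POST", "/cgi-bin/cstecgi.cg", b'{"opmode":"1"}'),                 # benign JSON
    ("POST", "/cgi-bin/cstecgi.cg", b"opmode=2&submit=1"),              # benign form
    ("POST", "/cgi-bin/cstecgi.cg", b"opmode=" + b"A" * 600),           # oversized form value
    ("POST", "/cgi-bin/cstecgi.cg", b'{"opmode":"' + b"\x90" * 300 + b'"}'),  # oversized, non-printable
    ("GET", "/cgi-bin/cstecgi.cg", b""),                                # wrong method
    ("POST", "/cgi-bin/other.cgi", b"opmode=" + b"A" * 600),            # different endpoint
]

if __name__ == "__main__":
    for index, reasons in scan(SAMPLE):
        print(f"request {index}: {'; '.join(reasons)}")
```

The non-printable case is the one to watch: bytes that are not valid UTF-8 are decoded with replacement characters so the JSON parser still sees the value, and the character-set check catches it even if the length alone were under the threshold.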

Mitigation and prioritisation

  • Apply a vendor firmware release that addresses this issue as soon as one is available; the advisory lists only the affected build 17.0.0cu.557_B20221024 and names no fixed version, so confirm against TOTOLINK's release notes before treating an update as the fix, and record it in change control.
  • Disable or tightly restrict remote management; limit access to trusted networks and implement strong access controls.
  • Change default credentials and enforce strong authentication for management interfaces.
  • Implement network segmentation and firewall rules to minimise exposure of management endpoints.
  • Schedule a test deployment in a staging environment before production roll-out; monitor for indicators of exploitation post-patch.
