CVE Alert: CVE-2025-12259 - TOTOLINK - A3300R

CVE-2025-12259

HIGHNo exploitation known

A flaw has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024. The affected element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. This manipulation of the argument recHour causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used.

CVSS v3.1 (8.8)

Vendor

TOTOLINK

Product

A3300R

Versions

17.0.0cu.557_B20221024

CWE

CWE-121, Stack-based Buffer Overflow

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

Published

2025-10-27T10:02:08.097Z

Updated

2025-10-27T10:02:08.097Z

References

https://vuldb.com/?id.329930

https://vuldb.com/?ctiid.329930

https://vuldb.com/?submit.673726

https://github.com/noahze01/IoT-vulnerable/blob/main/TOTOLink/A3300R/setScheduleCfg.md

https://www.totolink.net/

AI Summary Analysis

Risk verdict

Critical risk: remote code execution is possible on affected devices, with a publicly available exploit increasing immediate exploitation likelihood; treat as a high-priority issue.

Why this matters

Full device compromise would give an attacker control over network traffic and router functions, enabling data interception, disruption, and persistence within the network. In typical home or small business deployments, a single exploited router can serve as a foothold for broader network compromise or lateral movement to connected devices.

Most likely attack path

An attacker could exploit the network-facing CGI/POST parameter handler without user interaction, using an existing foothold to trigger a stack-based overflow. The vulnerability requires at least low-privilege access on the device, but the attack is remotely reachable and can fully compromise confidentiality, integrity and availability. The exploit’s existence raises the likelihood of automated or mass exploitation attempts.

Who is most exposed

Consumer and small-office routers that expose management interfaces or have weak default security are most at risk, especially where remote administration is enabled or poorly protected.

Detection ideas

Monitor for unusual or high-volume HTTP POST activity to the device’s web interface.
Look for anomalously long or abnormal parameter values related to CGI inputs.
Detect device crashes, reboots, or abnormal memory/CPU spikes following POST requests.
Check for crash dumps or diagnostic logs indicating stack overflows.

Mitigation and prioritisation

Apply vendor patch or upgrade to the latest fixed firmware as soon as available.
If patching is not yet possible, disable remote management and restrict access to the device management interface (LAN-only).
Implement network segmentation and tighten firewall rules around the router’s management ports.
Enable logging/monitoring for CGI endpoints and set alerts for abnormal POST traffic.
Plan a change window for firmware verification and rollback procedures if issues arise.

Support Our Work

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on Patreon or Buy Me A Coffee using the buttons below.

AI APIs OSINT driven New features

Buy Me A Coffee Patreon

Tags: a3300r, CVE, cve-2025-12259, OSINT, threatintel, totolink