CVE-2025-67186
Buffer Overflow in TOTOLINK A950RG Firewall Module Enables RCE
Publication date: 2026-02-03
Last updated on: 2026-02-10
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| totolink | a950rg_firmware | 4.1.2cu.5204_b20210112 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "Detection of this vulnerability involves monitoring for attempts to exploit the buffer overflow in the setUrlFilterRules interface of /lib/cste_modules/firewall.so by checking for unusually long or malformed 'url' parameters in network traffic targeting the TOTOLINK A950RG device."}, {'type': 'paragraph', 'content': 'Specific commands or scripts to detect exploitation attempts are not explicitly provided in the available resources.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable interface, such as limiting remote management access to trusted networks only, and monitoring for suspicious activity targeting the setUrlFilterRules interface.
Applying any available firmware updates or patches from TOTOLINK addressing this vulnerability is recommended once released.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the buffer overflow vulnerability in TOTOLINK A950RG affects compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'This vulnerability exists in the TOTOLINK A950RG router firmware version 4.1.2cu.5204_B20210112. It is a buffer overflow issue found in the setUrlFilterRules interface within the /lib/cste_modules/firewall.so component.'}, {'type': 'paragraph', 'content': "The problem arises because the 'url' parameter passed to this interface is not properly checked for its length. This lack of validation allows a remote attacker to send an overly long input, causing a buffer overflow."}, {'type': 'paragraph', 'content': 'Exploiting this buffer overflow can potentially allow the attacker to execute arbitrary code on the device or cause a denial of service by crashing the system.'}] [1]
How can this vulnerability impact me? :
If exploited, this vulnerability can have serious impacts including:
- Arbitrary code execution by a remote attacker, which could lead to full control over the affected device.
- Denial of service, causing the device to crash or become unresponsive.
Such impacts could compromise the security and availability of your network infrastructure if you are using the vulnerable TOTOLINK A950RG device.