CVE-2025-67189
Buffer Overflow in TOTOLINK A950RG setParentalRules Enables Remote Code Execution
Publication date: 2026-02-03
Last updated on: 2026-02-10
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| totolink | a950rg_firmware | 4.1.2cu.5204_b20210112 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the setParentalRules interface to trusted users only, such as limiting access to the local network or using firewall rules.
Additionally, monitoring for unusual activity or crashes related to this interface can help in early detection of exploitation attempts.
Applying any available firmware updates or patches from the vendor that address this vulnerability is recommended once they become available.
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "This vulnerability is a buffer overflow in the setParentalRules interface of the TOTOLINK A950RG router firmware version V4.1.2cu.5204_B20210112. Specifically, the urlKeyword parameter is not properly validated. The function handling this parameter concatenates multiple user-controlled inputs into a fixed-size stack buffer without checking if the combined size exceeds the buffer's capacity."}, {'type': 'paragraph', 'content': 'Because of this improper boundary checking, a remote attacker can exploit the flaw by sending specially crafted input that overflows the buffer.'}, {'type': 'paragraph', 'content': 'This overflow can lead to denial of service or potentially allow the attacker to execute arbitrary code on the device.'}] [1]
How can this vulnerability impact me? :
Exploitation of this vulnerability can have serious impacts including:
- Denial of service: The device may crash or become unresponsive, disrupting network connectivity.
- Arbitrary code execution: An attacker could potentially run malicious code on the affected device, leading to unauthorized control.
- Compromise of network security: Since the device is a router, successful exploitation could allow attackers to intercept, manipulate, or redirect network traffic.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'Detection of this vulnerability involves checking for the presence of the vulnerable TOTOLINK A950RG firmware version and monitoring for suspicious activity related to the setParentalRules interface, specifically the urlKeyword parameter.'}, {'type': 'paragraph', 'content': "Since the vulnerability is triggered by malformed input to the setParentalRules interface, one approach is to send crafted requests to this interface and observe the device's behavior for crashes or abnormal responses."}, {'type': 'paragraph', 'content': 'Specific commands or scripts to test this vulnerability are not explicitly provided in the available resources.'}] [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know