{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-9303","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-08-21T05:32:29.697Z","datePublished":"2025-08-21T14:32:07.463Z","dateUpdated":"2025-08-21T14:51:50.721Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-08-21T14:32:07.463Z"},"title":"TOTOLINK A720R cstecgi.cgi setParentalRules buffer overflow","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-120","lang":"en","description":"Buffer Overflow"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-119","lang":"en","description":"Memory Corruption"}]}],"affected":[{"vendor":"TOTOLINK","product":"A720R","versions":[{"version":"4.1.5cu.630_B20250509","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in TOTOLINK A720R 4.1.5cu.630_B20250509. This issue affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument desc results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited."},{"lang":"de","value":"Eine Schwachstelle wurde in TOTOLINK A720R 4.1.5cu.630_B20250509 gefunden. Hierbei betrifft es die Funktion setParentalRules der Datei /cgi-bin/cstecgi.cgi. Dank der Manipulation des Arguments desc mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff lässt sich über das Netzwerk starten. Der Exploit ist öffentlich verfügbar und könnte genutzt werden."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":8.7,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P","baseSeverity":"HIGH"}},{"cvssV3_1":{"version":"3.1","baseScore":8.8,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R","baseSeverity":"HIGH"}},{"cvssV3_0":{"version":"3.0","baseScore":8.8,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R","baseSeverity":"HIGH"}},{"cvssV2_0":{"version":"2.0","baseScore":9,"vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-08-21T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-08-21T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-08-21T07:37:38.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"QMSSDXN (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.320908","name":"VDB-320908 | TOTOLINK A720R cstecgi.cgi setParentalRules buffer overflow","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.320908","name":"VDB-320908 | CTI Indicators (IOB, IOC, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.632410","name":"Submit #632410 | TOTOLINK A720R V4.1.5cu.630_B20250509 Buffer Overflow","tags":["third-party-advisory"]},{"url":"https://github.com/lin-3-start/lin-cve/blob/main/TOTOLINK%20A720R/TOTOLINK-A720R.md","tags":["related"]},{"url":"https://github.com/lin-3-start/lin-cve/blob/main/TOTOLINK%20A720R/TOTOLINK-A720R.md#poc","tags":["exploit"]},{"url":"https://www.totolink.net/","tags":["product"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-08-21T14:51:45.726363Z","id":"CVE-2025-9303","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-08-21T14:51:50.721Z"}}]}}