CVE-2025-11444

Published Oct 8, 2025

Last updated 5 months ago

CVSS high 7.4

Overview

Description
A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866_B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.cgi of the component HTTP Request Handler. Such manipulation of the argument wepkey leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
Source
cna@vuldb.com
NVD status
Analyzed
Products
n600r_firmware

Risk scores

CVSS 4.0

Type
Secondary
Base score
7.4
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

CVSS 3.1

Type
Secondary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

CVSS 2.0

Type
Secondary
Base score
9
Impact score
10
Exploitability score
8
Vector string
AV:N/AC:L/Au:S/C:C/I:C/A:C

Weaknesses

cna@vuldb.com
CWE-119

Social media

Hype score
Not currently trending

  1. CVE-2025-11444 A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866_B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.c… https://t.co/yGADQs88Jt

    @CVEnew

    8 Oct 2025

    405 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. [CVE-2025-11444: HIGH] Security alert: Vulnerability in TOTOLINK N600R up to 4.3.0cu.7866_B20220506 discovered. Remote attackers can exploit buffer overflow in setWiFiBasicConfig via wepkey argument in HTTP ...#cve,CVE-2025-11444,#cybersecurity https://t.co/QesyEfhMXY https://t.c

    @CveFindCom

    8 Oct 2025

    68 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. A NULL pointer dereference in the sub_41773C function of TOTOLINK N600R v4.3.0cu.7866_B20220506 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.CVE-2025-60336
  2. A NULL pointer dereference in the main function of TOTOLINK N600R v4.3.0cu.7866_B20220506 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.CVE-2025-60335
  3. TOTOLINK N600R v4.3.0cu.7866_B20220506 was discovered to contain a stack overflow in the ssid parameter in the setWiFiBasicConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.CVE-2025-60334
  4. TOTOLINK N600R v4.3.0cu.7866_B20220506 was discovered to contain a stack overflow in the wepkey2 parameter in the setWiFiMultipleConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.CVE-2025-60333
  5. A NULL pointer dereference in TOTOLINK N600R firmware v4.3.0cu.7866_B2022506 allows attackers to cause a Denial of Service.CVE-2025-57623

References

Sources include official advisories and independent security research.