CVE-2025-11444
Published: 08 October 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2025-11444 is a buffer overflow vulnerability in TOTOLINK N600R routers running firmware versions up to 4.3.0cu.7866_B20220506. The flaw affects the setWiFiBasicConfig function in the /cgi-bin/cstecgi.cgi file of the HTTP Request Handler component, where manipulation of the wepkey argument triggers the overflow. Published on 2025-10-08, it is rated 8.8 on the CVSS v3.1 scale (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-119 and CWE-120.
The vulnerability enables remote exploitation by attackers possessing low privileges, such as authenticated users, with low attack complexity and no need for user interaction. Exploitation of the buffer overflow can result in high impacts to confidentiality, integrity, and availability, potentially allowing arbitrary code execution on the affected device.
Advisories and references, including VulDB entries and a GitHub repository, document the issue but do not specify vendor patches or detailed mitigation steps. A public proof-of-concept exploit is available, demonstrating reproduction of the buffer overflow via the wepkey parameter.
The exploit has been publicly disclosed, heightening the risk for unpatched TOTOLINK N600R devices exposed to the internet.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Buffer overflow in the router's public-facing HTTP CGI interface (/cgi-bin/cstecgi.cgi) via wepkey parameter enables exploitation of public-facing applications (T1190) for potential RCE and endpoint DoS through application crash (T1499.004).