CVE-2025-12239
Published: 27 October 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-12239 is a buffer overflow vulnerability affecting the TOTOLINK A3300R router running firmware version 17.0.0cu.557_B20221024. The issue resides in the setDdnsCfg function within the /cgi-bin/cstecgi.cgi file and is triggered by manipulated input that exceeds the bounds of a buffer. The flaw is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input) and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), which is high severity.
Attackers with low privileges (PR:L) can exploit this vulnerability remotely over the network (AV:N) with low complexity (AC:L) and no user interaction required (UI:N). Successful exploitation has a high impact on confidentiality, integrity, and availability (C:H/I:H/A:H), potentially allowing arbitrary code execution, data theft, or device takeover. An exploit is publicly available, as documented in a GitHub repository detailing the vulnerability and proof-of-concept.
Advisories from VulDB (ctiid.329909, id.329909, submit.673721) confirm the remote exploitability and public disclosure, while the manufacturer's site (totolink.net) provides general support resources but no specific patch details in the referenced materials. Security practitioners should isolate affected devices, monitor for anomalous DDNS configuration attempts, and seek firmware updates from TOTOLINK, as the public exploit increases the risk of active exploitation.
The public availability of the exploit on GitHub heightens the urgency for mitigation, marking this as a readily weaponizable flaw in an IoT router commonly deployed in home and small office environments.
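One way to act on the advice to monitor for anomalous DDNS configuration attempts, as an added example (not code from the advisory or from TOTOLINK): it reviews captured requests to the endpoint and flags setDdnsCfg calls that come from outside an assumed management network or carry oversized fields. The JSON body shape, the field names, the 128-byte ceiling and the 192.168.0.0/24 network are assumptions, and the sample requests are constructed.

```python
import ipaddress
import json

ENDPOINT = "/cgi-bin/cstecgi.cgi"   # endpoint named in the advisory
HANDLER = "setDdnsCfg"              # vulnerable function named in the advisory
MAX_FIELD_BYTES = 128               # assumed ceiling for a legitimate DDNS value
MGMT_NETS = [ipaddress.ip_network("192.168.0.0/24")]  # assumed admin LAN


def review_request(src_ip, path, body):
    """Return the reasons a captured request needs review (empty list = none)."""
    if path.split("?", 1)[0] != ENDPOINT or HANDLER not in body:
        return []  # not a DDNS configuration request
    reasons = []
    addr = ipaddress.ip_address(src_ip)
    if not any(addr in net for net in MGMT_NETS):
        reasons.append("source outside management network")
    try:
        fields = json.loads(body)
    except ValueError:
        fields = None
    if not isinstance(fields, dict):
        # Assumption: legitimate clients send a JSON object; anything else is odd.
        reasons.append("body is not a JSON object")
        return reasons
    for key, value in fields.items():
        size = len(value.encode()) if isinstance(value, str) else 0
        if size > MAX_FIELD_BYTES:
            reasons.append(f"field {key!r} is {size} bytes")
    return reasons


# Constructed sample captures: (source IP, request path, request body).
# "topicurl", "fieldA" and "otherHandler" are hypothetical names for illustration.
SAMPLES = [
    ("192.168.0.10", ENDPOINT, json.dumps({"topicurl": HANDLER, "fieldA": "host.example"})),
    ("203.0.113.7", ENDPOINT, json.dumps({"topicurl": HANDLER, "fieldA": "x" * 600})),
    ("192.168.0.10", ENDPOINT, json.dumps({"topicurl": "otherHandler"})),
    ("192.168.0.10", ENDPOINT, "topicurl=setDdnsCfg&fieldA=1"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], review_request(*sample) or "ok")
```

Feed it from wherever request bodies are visible, such as a reverse proxy or IDS capture in front of the router's management interface, and tune the ceiling to the DDNS values actually in use.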
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote buffer overflow vulnerability in the public-facing CGI endpoint (/cgi-bin/cstecgi.cgi#setDdnsCfg) on the TOTOLINK A3300R router enables exploitation of a public-facing application for potential RCE.