CVE-2025-28256
Published: 28 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-28256 is a critical vulnerability affecting the TOTOLINK A3100R router running firmware version V4.1.2cu.5247_B20211129. The flaw exists in the setWebWlanIdx function of the /lib/cste_modules/wireless.so library, where a remote attacker can execute arbitrary code. Classified as CWE-78 (OS Command Injection), it received a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) upon publication on 2025-03-28.
The vulnerability can be exploited by any remote attacker with network access to the device, requiring no privileges, user interaction, or special conditions due to its low attack complexity. Successful exploitation grants the attacker high-impact control, including unauthorized access to sensitive data, modification of system behavior, and disruption of services through arbitrary code execution on the router.
Mitigation details are documented in the referenced advisories, including the vulnerability report available at https://github.com/ZackSecurity/VulnerReport/blob/cve/totolink/A3100R/1.md. Security practitioners should consult these sources for patching instructions or workarounds specific to the affected firmware.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows a remote attacker to execute arbitrary code via a function in the router's web-related wireless module, enabling exploitation of a public-facing application.