CVE-2025-11444

🗓️ 08 Oct 2025 08:02:10Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 7 Views🌐 WEB

Remote buffer overflow in Totolink N600R via cstecgi.cgi setWiFiBasicConfig; affects firmware.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-11444	8 Oct 202513:24	–	circl
CNNVD	TOTOLINK N600R 安全漏洞	8 Oct 202500:00	–	cnnvd
CNVD	TOTOLINK N600R /cgi-bin/cstecgi.cgi file buffer overflow vulnerability	13 Oct 202500:00	–	cnvd
Cvelist	CVE-2025-11444 TOTOLINK N600R HTTP Request cstecgi.cgi setWiFiBasicConfig buffer overflow	8 Oct 202508:02	–	cvelist
EUVD	EUVD-2025-31834	8 Oct 202508:02	–	euvd
NVD	CVE-2025-11444	8 Oct 202508:15	–	nvd
OSV	CVE-2025-11444	8 Oct 202508:15	–	osv
Positive Technologies	PT-2025-41240	8 Oct 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-11444	9 Oct 202513:27	–	redhatcve
Vulnrichment	CVE-2025-11444 TOTOLINK N600R HTTP Request cstecgi.cgi setWiFiBasicConfig buffer overflow	8 Oct 202508:02	–	vulnrichment

NVD

Node

totolink n600r_firmwareRange≤4.3.0cu.7866_b2022506

AND

totolink n600rMatch-

[
  {
    "vendor": "TOTOLINK",
    "product": "N600R",
    "versions": [
      {
        "version": "4.3.0cu.7866_B20220506",
        "status": "affected"
      }
    ],
    "cpes": [
      "cpe:2.3:o:totolink:n600r_firmware:*:*:*:*:*:*:*:*"
    ],
    "modules": [
      "HTTP Request Handler"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
totolink	www.totolink.net/
vuldb	www.vuldb.com/
github	www.github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/TOTOLINK/wepkey/wepkey.md
github	www.github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/TOTOLINK/wepkey/wepkey.md

Parameter	Position	Path	Description	CWE
wepkey	request body	/cgi-bin/cstecgi.cgi	Buffer overflow in setWiFiBasicConfig via parameter wepkey in /cgi-bin/cstecgi.cgi leading to remote exploit.	CWE-119, CWE-120

24 Feb 2026 06:51Current

6.8Medium risk

Vulners AI Score6.8

CVSS 48.7

CVSS 3.18.8

CVSS 29

CVSS 38.8

EPSS0.00445

SSVC