CVE-2025-67188

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

03/02/2026

Last modified:

03/02/2026

Description

A buffer overflow vulnerability exists in TOTOLINK A950RG V4.1.2cu.5204_B20210112. The issue resides in the setRadvdCfg interface of the /lib/cste_modules/ipv6.so module. The function fails to properly validate the length of the user-controlled radvdinterfacename parameter, allowing remote attackers to trigger a stack buffer overflow.

Impact

References to Advisories, Solutions, and Tools

https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/ToTolink/A950RG/5024-ipv6-setRadvdCfg-radvdinterfacename-buffer.md