ГлавнаяУязвимости → CVE-2025-28036
9.8критическая

CVE-2025-28036

Описание

TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.

Затрагиваемое ПО
Totolink A950rg firmwareTotolink A950rgTotolink A810r firmwareTotolink A810rTotolink A800r firmwareTotolink A800rTotolink A830r firmwareTotolink A830rTotolink A3000ru firmwareTotolink A3000ruTotolink A3100r firmwareTotolink A3100r
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://locrian-lightning-dc7.notion.site/RCE1-1a98e5e2b1a28081880dd817104b3af4https://locrian-lightning-dc7.notion.site/CVE-2025-28035-CVE-2025-28036-RCE1-1a98e5e2b1a28081880dd817104b3af4