CVE Catalog

CVE-2025-46060

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.84%

53th percentile - higher than 53% of all known CVEs

Summary

A buffer overflow vulnerability was found in the TOTOLINK N600R router firmware version 4.3.0cu.7866_B2022506. A remote attacker can exploit the UPLOAD_FILENAME component to execute arbitrary code.

Risk Assessment

The risk involves potential remote code execution by an unauthenticated attacker, leading to full compromise of the router and the network it serves.

Recommendation

Immediately update the TOTOLINK N600R firmware to the latest available version. If no update is available, restrict management interface access to trusted networks only.

Original NVD description (English source)

Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker to execute arbitrary code via the UPLOAD_FILENAME component

Vulnerability data from NVD (NIST) · CISA KEV · EPSS