Comprehensive Overview of CVEs and Security Vulnerabilities

CVE-2025-28024 TOTOLINK vulnerabilities Ivanti security advisory buffer overflow remote code execution security vulnerabilities
Edward Zhou
Edward Zhou

CEO & Co-Founder

 
October 2, 2025 2 min read

CVE-2025-28024 Vulnerability in TOTOLINK A810R

TOTOLINK A810R firmware version 4.1.2cu.5182_B20201026 has a buffer overflow vulnerability located in the cstecgi.cgi file. This vulnerability has been classified under CVE-2025-28024.

Metrics

  • CVSS 4.0 Severity: Not Available
  • CVSS 3.x Severity: 9.8 (Critical)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Weakness Enumeration:
    • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

References

Threat Brief: CVE-2025-0282 and CVE-2025-0283

CVE-2025-0282 and CVE-2025-0283 impact multiple Ivanti products including Connect Secure, Policy Secure, and ZTA gateways.

CVE-2025-0282 Details

  • Type: Stack-based buffer overflow
  • Impact: Allows remote unauthenticated attackers to achieve remote code execution.
  • CVSS Score: 9.0 (Critical).

CVE-2025-0283 Details

  • Type: Stack-based buffer overflow
  • Impact: Allows local authenticated attackers to escalate privileges.
  • CVSS Score: 7.0 (High).

On January 8, 2025, Ivanti issued a security advisory regarding these vulnerabilities.

Attack Scope

  • Attackers can exploit CVE-2025-0282 by sending specially crafted requests to vulnerable appliances.
  • Specific tools and techniques associated with this attack have been observed.

Clock Icon

Recommendations

Other TOTOLINK Vulnerabilities

Several vulnerabilities have been identified in various TOTOLINK products, notably:

CVE-2025-9934

  • Product: TOTOLINK X5000R
  • Impact: Command injection vulnerability via the function sub_410C34.
  • CVSS Score: 6.3 (Medium).

CVE-2025-9935

  • Product: TOTOLINK N600R
  • Impact: Command injection vulnerability via the function sub_4159F8.
  • CVSS Score: 7.3 (High).

CVE-2025-52046

  • Product: TOTOLINK A3300R
  • Impact: Command injection vulnerability allowing unauthenticated attackers to execute arbitrary commands.
  • CVSS Score: 9.8 (Critical).

NVD CVE List

Additional Vulnerabilities

  • For a comprehensive list of TOTOLINK vulnerabilities, refer to the OpenCVE database here.

References

This technical overview provides critical information regarding recently identified vulnerabilities in TOTOLINK and Ivanti products, along with their implications and mitigation strategies.

Edward Zhou
Edward Zhou

CEO & Co-Founder

 

CEO & Co-Founder of Gopher Security, leading the development of Post-Quantum cybersecurity technologies and solutions..

Related Articles

Tribal-ISAC

Tribal-ISAC Cybersecurity Report Highlights for Tribal Nations

Discover the vital findings from the Tribal-ISAC's inaugural cybersecurity report, empowering Tribal Nations to enhance their cyber resilience. Read more!

By Edward Zhou October 2, 2025 3 min read
Read full article
Stefanini Group

Stefanini Group Strengthens Cybersecurity with Key Acquisitions

Discover how Stefanini Group's merger with Cyber Smart Defence strengthens its cybersecurity division and enhances service offerings. Learn more!

By Edward Zhou October 2, 2025 3 min read
Read full article
cybersecurity

Cybersecurity Alert: 94% of Leaked Passwords Are Not Unique

Discover essential password habits and best practices to enhance your cybersecurity. Learn how to protect your accounts today!

By Edward Zhou October 2, 2025 3 min read
Read full article
cybersecurity

Cybersecurity Alert: 94% of Passwords Are Not Unique - Learn Why

Learn effective password habits to enhance your cybersecurity. Discover password management techniques to protect against online threats. Act now!

By Edward Zhou October 2, 2025 3 min read
Read full article