Cyber Resilience

CVE-2025-67186

Critical · Public PoC

Published: 03 February 2026

Modified: 10 February 2026
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0069 (48.2th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2025-67186 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Totolink A950Rg Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 48.2th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

TOTOLINK A950RG routers running firmware version V4.1.2cu.5204_B20210112 are affected by CVE-2025-67186, a buffer overflow vulnerability (CWE-120) in the setUrlFilterRules interface within the /lib/cste_modules/firewall.so library. The issue arises because the `url` parameter lacks proper length validation, enabling attackers to overflow the buffer. Published on 2026-02-03, this vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for high-impact exploitation.

Remote attackers can exploit this vulnerability without authentication, privileges, or user interaction by sending specially crafted requests to the affected interface. Successful exploitation may result in arbitrary code execution on the device or denial of service, allowing full compromise of the router's functionality, including potential network pivoting or persistence in IoT environments.

Mitigation details are available in the primary advisory reference at https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/ToTolink/A950RG/5024-setUrlFliterRules-url-buffer.md, which likely includes technical analysis and proof-of-concept information for practitioners to assess and address the issue. No vendor patches are specified in available data.

Vulnerability details

TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability in the setUrlFilterRules interface of /lib/cste_modules/firewall.so. The vulnerability occurs because the `url` parameter is not properly validated for length, allowing remote attackers to trigger a buffer overflow, potentially leading to arbitrary code execution or denial of service.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in unauthenticated public-facing router web interface enables remote code execution, directly facilitating T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-67188 (Same product: Totolink A950Rg)
CVE-2025-67187 (Same product: Totolink A950Rg)
CVE-2025-25635 (Same vendor: Totolink)
CVE-2025-25609 (Same vendor: Totolink)
CVE-2026-31027 (Same vendor: Totolink)
CVE-2025-51630 (Same vendor: Totolink)
CVE-2025-9780 (Same vendor: Totolink)
CVE-2025-25610 (Same vendor: Totolink)
CVE-2025-1852 (Same vendor: Totolink)
CVE-2026-1328 (Same vendor: Totolink)

Affected Assets

totolink
a950rg firmware
4.1.2cu.5204_b20210112

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the lack of length validation on the 'url' parameter in the setUrlFilterRules interface, preventing buffer overflow exploitation.

prevent

Requires timely remediation of the identified buffer overflow flaw through patching or firmware updates to eliminate the vulnerability.

prevent

Implements memory protections such as ASLR and stack canaries to mitigate successful buffer overflow exploitation even if input validation fails.
