
CVE-2025-45797: n/a

Severity: Medium
Published: Thu May 08 2025 (05/08/2025, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

TOTOlink A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the NoticeUrl parameter in the setNoticeCfg interface of /lib/cste_modules/system.so.

AI-Powered Analysis

Last updated: 07/12/2025, 03:16:32 UTC

Technical Analysis

CVE-2025-45797 is a buffer overflow vulnerability in the TOTOlink A950RG router firmware version 4.1.2cu.5204_B20210112. The flaw is in the handling of the NoticeUrl parameter within the setNoticeCfg interface of the /lib/cste_modules/system.so library. The parameter is not properly validated, so an attacker can supply input that exceeds the buffer size and corrupt memory. Buffer overflow vulnerabilities can be exploited to execute arbitrary code, cause denial of service, or crash the device.

In this case, the vulnerability is remotely exploitable over the network without authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). The CVSS base score is 6.5, which places it at medium severity. The vulnerability impacts confidentiality and integrity, as an attacker could potentially manipulate device behavior or intercept sensitive data by exploiting this flaw; the availability impact is rated as none. There are no known exploits in the wild at the time of publication, and no patches have been released yet. The vulnerability is classified under CWE-121 (Stack-based Buffer Overflow), a common and critical software weakness.

The affected product is a specific router model that is typically used in small office or home office environments. The record's lack of vendor and product details makes the full scope of affected versions unclear, but the firmware version is explicitly mentioned. Given the nature of the vulnerability, exploitation could lead to unauthorized control over the device or network traffic interception.
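The kind of input validation whose absence is described above, as an added C example; it is not TOTOlink's code and is not taken from the CVE record. The buffer size `NOTICE_URL_MAX`, the `notice_cfg` structure, the function name and the http/https allowlist are all assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Assumed capacity; the advisory does not state the real buffer size. */
#define NOTICE_URL_MAX 128

enum notice_rc { NOTICE_OK = 0, NOTICE_ERR_NULL, NOTICE_ERR_TOO_LONG,
                 NOTICE_ERR_SCHEME, NOTICE_ERR_CHARSET };

/* Hypothetical record standing in for wherever the handler stores the URL. */
struct notice_cfg { char url[NOTICE_URL_MAX]; };

/* Unsafe pattern behind CWE-121, shown only as a comment:
 *     char url[NOTICE_URL_MAX];
 *     strcpy(url, notice_url);     // length is chosen by the request
 */

/* Validate a request-supplied NoticeUrl, then copy it. Oversized input is
 * rejected rather than truncated, so a partial URL is never stored. */
enum notice_rc set_notice_url(struct notice_cfg *cfg, const char *notice_url)
{
    if (cfg == NULL || notice_url == NULL)
        return NOTICE_ERR_NULL;

    /* Bounded length scan: stops at the terminator or at capacity. */
    size_t len = 0;
    while (len < NOTICE_URL_MAX && notice_url[len] != '\0')
        len++;
    if (len == NOTICE_URL_MAX)
        return NOTICE_ERR_TOO_LONG;   /* would not fit with its terminator */

    /* Scheme allowlist (assumption: only http/https values are legitimate). */
    if (strncmp(notice_url, "http://", 7) != 0 &&
        strncmp(notice_url, "https://", 8) != 0)
        return NOTICE_ERR_SCHEME;

    /* Printable ASCII only: no control bytes, spaces or high-bit bytes. */
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)notice_url[i];
        if (c <= 0x20 || c >= 0x7f)
            return NOTICE_ERR_CHARSET;
    }

    memcpy(cfg->url, notice_url, len + 1);   /* len + 1 <= NOTICE_URL_MAX */
    return NOTICE_OK;
}
```
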

Potential Impact

For European organizations, especially small and medium enterprises (SMEs) and home office users relying on TOTOlink A950RG routers, this vulnerability poses a risk of unauthorized access and potential compromise of internal networks. Exploitation could allow attackers to execute arbitrary code on the router, potentially leading to interception or manipulation of network traffic, disruption of network services, or pivoting to other internal systems. This could result in data breaches and loss of confidentiality and integrity of communications. Since the vulnerability does not require authentication or user interaction, it could be exploited remotely by attackers scanning for vulnerable devices exposed to the internet or within local networks. The absence of known exploits currently reduces immediate risk, but the medium severity score and ease of exploitation suggest that attackers may develop exploits soon. European organizations with limited IT security resources may be particularly vulnerable if they use this router model without timely updates or mitigations. The impact is more pronounced in sectors handling sensitive data or critical communications, such as finance, healthcare, and government agencies operating at smaller scales or remote offices.

Mitigation Recommendations

1. Immediate network segmentation: Isolate TOTOlink A950RG routers from critical network segments to limit potential lateral movement if compromised.
2. Restrict remote access: Disable or tightly control remote management interfaces (e.g., WAN-side access) to prevent external exploitation.
3. Monitor network traffic: Implement intrusion detection/prevention systems (IDS/IPS) to detect anomalous activity targeting the router, especially malformed packets aimed at the setNoticeCfg interface.
4. Firmware updates: Regularly check for official patches or firmware updates from TOTOlink and apply them promptly once available.
5. Vendor engagement: Contact TOTOlink support to inquire about patch timelines and request mitigation guidance.
6. Device replacement: Consider replacing vulnerable routers with models from vendors with stronger security track records if patches are delayed.
7. Network hardening: Employ firewall rules to restrict access to router management ports and use VPNs for remote management.
8. Incident response readiness: Prepare to respond to potential exploitation by maintaining backups of router configurations and logs for forensic analysis.


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-04-22T00:00:00.000Z
Cisa Enriched: true
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 682d9816c4522896dcbd6a22

Added to database: 5/21/2025, 9:08:38 AM

Last enriched: 7/12/2025, 3:16:32 AM

Last updated: 8/5/2025, 6:36:51 PM
