How to fix CVE-2025-67189?

Within 30 days: Identify affected systems running the setParentalRules interface of TOTOLINK A950RG and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Is A950rg Firmware affected by CVE-2025-67189?

Organizations using the setParentalRules interface of TOTOLINK A950RG should be aware of notable risk from CVE-2025-67189, a buffer overflow vulnerability rated CVSS 6.5. Exploitation could cause memory corruption or application crashes. Proof-of-concept code is publicly available.

CVE-2025-67189

MEDIUM

2026-02-03 [email protected]

6.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 10, 2026 - 14:15 vuln.today

Public exploit code

CVE Published

Feb 03, 2026 - 18:16 nvd

MEDIUM 6.5

Description

A buffer overflow vulnerability exists in the setParentalRules interface of TOTOLINK A950RG V4.1.2cu.5204_B20210112. The urlKeyword parameter is not properly validated, and the function concatenates multiple user-controlled fields into a fixed-size stack buffer without performing boundary checks. A remote attacker can exploit this flaw to cause denial of service or potentially achieve arbitrary code execution.

Analysis

A950Rg Firmware versions up to 4.1.2cu.5204_b20210112 is affected by classic buffer overflow (CVSS 6.5).

Technical Context

This vulnerability (CWE-120: Classic Buffer Overflow) exists in the setParentalRules component. A buffer overflow vulnerability exists in the setParentalRules interface of TOTOLINK A950RG V4.1.2cu.5204_B20210112. The urlKeyword parameter is not properly validated, and the function concatenates multiple user-controlled fields into a fixed-size stack buffer without performing boundary checks. A remote attacker can exploit this flaw to cause denial of service or potentially achieve arbitrary code execution.

Affected Products

Vendor: Totolink. Product: A950Rg Firmware. Versions: up to 4.1.2cu.5204_b20210112. Component: setParentalRules.

Remediation

Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +32

POC: +20

CVE-2025-67189 vulnerability details – vuln.today

Back

CVE-2025-67189

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-67189

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code