← back
CVE-2025-28034

CVE-2025-28034

CVSS 9.8 CRITICALEPSS 1.1%CWE-78
TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth remote command execution vulnerability in the NTPSyncWithHost function through the hostTime parameter.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found1
cve_referencelocrian-lightning-dc7.notion.site/CVE-2025-28034-RCE2-1a98e5e2b1a280bebf53d868f1b1a711unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://locrian-lightning-dc7.notion.site/CVE-2025-28034-RCE2-1a98e5e2b1a280bebf53d868f1b1a711https://locrian-lightning-dc7.notion.site/RCE2-1a98e5e2b1a280bebf53d868f1b1a711?pvs=74