CVE-2025-6401

TOTOLINK N300RH HTTP POST Message formFilter denial of service

CVSS 5.1 MEDIUMEPSS 0.4%CWE-404

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.1EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

21 jun 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. It has been classified as problematic. This affects an unknown part of the file /boafrm/formFilter of the component HTTP POST Message Handler. The manipulation of the argument url leads to denial of service. The exploit has been disclosed to the public and may be used.

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Productos afectados

TOTOLINK · N300RH

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/d2pq/cve/blob/main/616/21.md https://github.com/d2pq/cve/blob/main/616/21.md#poc https://vuldb.com/?ctiid.313395 https://vuldb.com/?id.313395 https://vuldb.com/?submit.597688 https://www.totolink.net/