CVE-2025-4823

TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formReflashClientTbl submit-url buffer overflow

CVSS 8.7 HIGHEPSS 0.7%CWE-119 CWE-120

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.7EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

17 mai 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. It has been rated as critical. Affected by this issue is the function submit-url of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Produtos afetados

TOTOLINK · A3002R TOTOLINK · A3002RU TOTOLINK · A702R

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/CH13hh/tmp_store_cc/blob/main/toto/1.md https://vuldb.com/?ctiid.309284 https://vuldb.com/?id.309284 https://vuldb.com/?submit.574593 https://www.totolink.net/