CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
A vulnerability, which was classified as critical, was found in TOTOLINK N302R Plus up to 3.4.0-B20201028. Affected is an unknown function of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Analysis
A critical buffer overflow vulnerability exists in TOTOLINK N302R Plus router firmware (versions up to 3.4.0-B20201028) in the HTTP POST request handler for the /boafrm/formPortFw endpoint. An authenticated remote attacker can exploit this by manipulating the 'service_type' parameter to cause a buffer overflow, achieving remote code execution with high confidentiality, integrity, and availability impact. Public exploit code is available and the vulnerability shows strong indicators of active exploitation risk.
Technical Context
This vulnerability affects the TOTOLINK N302R Plus wireless router's web-based management interface. The vulnerability exists in the HTTP POST request handler component that processes port forwarding configuration requests. The affected endpoint '/boafrm/formPortFw' fails to properly validate input length for the 'service_type' parameter before copying it into a fixed-size buffer, creating a classic stack-based buffer overflow (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer). The router's embedded web server (likely boa or a similar lightweight HTTP daemon common in embedded devices) processes this request without adequate bounds checking. This is typical of older embedded device firmware that prioritizes minimal memory footprint over security. The CPE string 'cpe:2.3:o:totolink:n302r_plus_firmware:*:*:*:*:*:*:*:*' indicates this affects the firmware component across the N302R Plus hardware platform.
Affected Products
TOTOLINK N302R Plus router firmware versions up to and including 3.4.0-B20201028. The vulnerability affects the complete product line of this model across all regional variants running vulnerable firmware versions. No specific patch version is documented in the available disclosure, suggesting either that the product line was end-of-life or that patches were not released by the vendor. Organizations should check TOTOLINK's official security advisory (typically at support.totolink.net or via the device web interface firmware update mechanism) for patch availability. Users of the N302R Plus should verify their current firmware version via the admin interface (typically accessible at 192.168.0.1 or 192.168.1.1).
Remediation
Immediate actions:
(1) If a firmware patch is available from TOTOLINK for the N302R Plus, apply it immediately via the administrative interface (System Settings > Firmware Upgrade);
(2) If no patch is available (product may be end-of-life), implement network segmentation to restrict administrative access to the router's web interface to trusted administrative networks only, using ACLs or firewall rules to block port 80/443 except from designated management IPs;
(3) Change default credentials and implement strong, unique administrative passwords;
(4) Disable remote management/WAN access to the router's web interface if enabled (check System Settings > Remote Management);
(5) Consider replacing the device with a current model receiving active security updates if this is a production environment;
(6) Monitor for suspicious POST requests to the /boafrm/formPortFw endpoint in any available access logs.
Verify patch status at official TOTOLINK support channels before deployment.
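One way to carry out action (6) together with the management-IP restriction in action (2), as an added example that is not part of the original advisory: it flags POST requests to /boafrm/formPortFw whose source lies outside the designated management networks. The Common Log Format pattern, the sample lines and the 192.0.2.0/24 management network are assumptions made for illustration.

```python
import ipaddress
import re

ENDPOINT = "/boafrm/formPortFw"  # handler path named in the advisory

# Assumption: Common Log Format lines from a proxy or the device's HTTP daemon.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jun/2025:10:00:01 +0000] "GET /index.htm HTTP/1.1" 200 5120
192.0.2.10 - - [01/Jun/2025:10:00:09 +0000] "POST /boafrm/formPortFw HTTP/1.1" 200 312
198.51.100.7 - - [01/Jun/2025:10:03:44 +0000] "POST /boafrm/formPortFw HTTP/1.1" 200 312
198.51.100.7 - - [01/Jun/2025:10:03:45 +0000] "POST /boafrm/formPortFw?x=1 HTTP/1.1" 200 312
203.0.113.5 - - [01/Jun/2025:10:05:00 +0000] "GET /boafrm/formPortFw HTTP/1.1" 404 0
not a log line
"""


def find_suspicious_posts(log_text, mgmt_networks):
    """Return (source, timestamp, reason) for each POST to ENDPOINT to review."""
    nets = [ipaddress.ip_network(n) for n in mgmt_networks]
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Match on the path alone so a query string cannot hide the request.
        if m["path"].split("?", 1)[0] != ENDPOINT:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            # Hostname or malformed field: cannot be checked, so surface it.
            findings.append((m["src"], m["ts"], "unparseable source"))
            continue
        if not any(src in net for net in nets):
            findings.append((m["src"], m["ts"], "outside management networks"))
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_posts(SAMPLE_LOG, ["192.0.2.0/24"]):
        print(finding)
```

Access logs in this format do not record POST bodies, so the check cannot see the service_type value itself; it only narrows review to requests that reached the handler from unexpected sources.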
EUVD-2025-17013