How to fix CVE-2025-6149?

Within 24 hours: Identify and inventory all TOTOLINK A3002R routers in your environment and assess network exposure. Implement network segmentation to isolate affected devices from critical systems and disable remote management access where possible. Within 7 days: Deploy WAF rules to block malicious POST requests to /boafrm/formSysLog endpoints and monitor for exploitation attempts. Contact TOTOLINK for security advisories and patch timelines. Within 30 days: Evaluate router replacement or upgrade to patched firmware versions as they become available. Conduct incident response readiness drills and implement enhanced monitoring of affected devices. Consider temporary replacement with alternative network hardware if patch timeline is unclear.

Is A3002r Firmware affected by CVE-2025-6149?

A critical remote code execution vulnerability affects TOTOLIK A3002R routers (model 4.0.0-B20230531.1404), allowing unauthenticated attackers to exploit a buffer overflow through HTTP POST requests.

CVE-2025-6149

EUVD-2025-18454 HIGH

2025-06-17 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 22:15 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 22:15 euvd

EUVD-2025-18454

PoC Detected

Jun 23, 2025 - 19:28 vuln.today

Public exploit code

CVE Published

Jun 17, 2025 - 01:15 nvd

HIGH 8.8

Description

A vulnerability classified as critical has been found in TOTOLINK A3002R 4.0.0-B20230531.1404. Affected is an unknown function of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Analysis

Critical buffer overflow vulnerability in TOTOLINK A3002R firmware version 4.0.0-B20230531.1404 affecting the HTTP POST request handler for the /boafrm/formSysLog endpoint. An authenticated attacker can exploit the 'submit-url' parameter to trigger a buffer overflow, achieving remote code execution with high confidentiality, integrity, and availability impact. The vulnerability has public exploit code available and represents an active threat to deployed devices.

Technical Context

The vulnerability exists in the HTTP POST request handler component of TOTOLINK's web-based management interface, specifically in the /boafrm/formSysLog file which processes system logging configuration requests. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), indicating insufficient input validation on the 'submit-url' parameter before it is written to a fixed-size buffer. This classic buffer overflow condition allows an attacker to overflow the allocated memory region, potentially overwriting adjacent stack or heap memory. The affected device is the TOTOLINK A3002R wireless router, a consumer-grade networking device that exposes this vulnerable endpoint through its embedded web management interface.

Affected Products

TOTOLINK A3002R (['4.0.0-B20230531.1404'])

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.6

CVSS: +44

POC: +20

CVE-2025-6149 vulnerability details – vuln.today

Back

CVE-2025-6149

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

CVE-2025-6149

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

External POC / Exploit Code