How to fix CVE-2025-6163?

Within 24 hours: Identify all TOTOLINK A3002RU devices in production and isolate them from critical network segments; disable remote management features if possible. Within 7 days: Contact TOTOLINK for patch availability and timeline; implement network segmentation to limit router access to trusted zones only; deploy WAF rules to block malicious POST requests to /boafrm/formMultiAP. Within 30 days: Procure replacement hardware or apply vendor patch immediately upon release; conduct forensic analysis on affected routers for signs of compromise; review network access logs for suspicious activity dating back 60 days.

Is A3002ru Firmware affected by CVE-2025-6163?

A critical remote code execution vulnerability affects TOTOLIK A3002RU routers (model 3.0.0-B20230809.1615) with a high CVSS score of 8.8 and active public exploits in circulation.

CVE-2025-6163

EUVD-2025-18475 HIGH

2025-06-17 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 22:15 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 22:15 euvd

EUVD-2025-18475

PoC Detected

Jun 23, 2025 - 19:11 vuln.today

Public exploit code

CVE Published

Jun 17, 2025 - 05:15 nvd

HIGH 8.8

Description

A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Analysis

Critical buffer overflow vulnerability in TOTOLINK A3002RU routers (version 3.0.0-B20230809.1615 and potentially others) affecting the HTTP POST request handler at endpoint /boafrm/formMultiAP. An authenticated attacker can exploit this via a malicious 'submit-url' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code exists and the vulnerability is actively exploitable.

Technical Context

The vulnerability exists in the HTTP POST request handler component of TOTOLINK's firmware, specifically in the /boafrm/formMultiAP endpoint. The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic buffer overflow condition where user-supplied input in the 'submit-url' parameter is not properly validated for length before being written to a fixed-size buffer. This allows an attacker to overwrite adjacent memory, potentially corrupting the stack or heap and achieving arbitrary code execution. The vulnerability affects TOTOLINK A3002RU (CPE: cpe:2.7:o:totolink:a3002ru_firmware:3.0.0-b20230809.1615:*:*:*:*:*:*:*), a consumer-grade wireless router/access point device commonly deployed in small offices and homes.

Affected Products

A3002RU (['3.0.0-B20230809.1615', 'likely other versions in the 3.x series'])

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.6

CVSS: +44

POC: +20

CVE-2025-6163 vulnerability details – vuln.today

Back

CVE-2025-6163

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

CVE-2025-6163

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

External POC / Exploit Code