EUVD-2025-18482CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4Description
A vulnerability was found in TOTOLINK A3002R 4.0.0-B20230531.1404. It has been classified as critical. This affects an unknown part of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Analysis
Critical buffer overflow vulnerability in TOTOLINK A3002R router firmware version 4.0.0-B20230531.1404, affecting the HTTP POST request handler in the /boafrm/formMultiAP endpoint. An authenticated attacker can exploit improper input validation on the 'submit-url' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code is available, increasing real-world exploitation risk.
Technical Context
The vulnerability exists in the HTTP POST request handler component of TOTOLINK's web-based management interface. The affected endpoint /boafrm/formMultiAP fails to properly validate or bound-check the 'submit-url' parameter before processing it, leading to a classic stack or heap-based buffer overflow (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer). This is a common vulnerability class in embedded device firmware where legacy C code lacks modern memory safety protections. TOTOLINK A3002R is a residential WiFi router (CPE: cpe:2.7:a:totolink:a3002r:4.0.0:b20230531.1404:*:*:*:*:*:*) running embedded Linux with a web management interface. The lack of ASLR, stack canaries, or DEP protections typical in budget router firmware makes exploitation straightforward once buffer boundaries are identified.
Affected Products
TOTOLINK A3002R firmware version 4.0.0-B20230531.1404 and likely earlier/concurrent versions in the 4.x branch. CPE: cpe:2.7:a:totolink:a3002r:4.0.0:b20230531.1404:*:*:*:*:*:*. No vendor security advisory or patch reference provided in accessible sources—this represents a critical gap. Check TOTOLINK's support portal (typically totolink.net or regional mirrors) for firmware updates targeting version 4.0.0-B20230531.1405 or later. Geographic availability varies; some regions may have different firmware branches. Related TOTOLINK A-series routers (A3002RU, A3004NS, etc.) may share the same web framework and warrant testing.
Remediation
Immediate: (1) If TOTOLINK has issued a firmware patch, upgrade to the latest stable version (check support.totolink.net or regional support sites for build dates post-May 2023); (2) If no official patch exists, implement network-level mitigation: restrict access to router management interface (port 80/443) to trusted IP addresses only via firewall rules; (3) Disable remote management features if not required; (4) Change default credentials and enforce strong authentication. Short-term: Monitor TOTOLINK advisory channels for security bulletins. Long-term: Consider device replacement with vendors demonstrating active security patching practices. If source code or detailed advisory emerges, WAF rules blocking oversized or malformed 'submit-url' parameters may provide temporary boundary protection, though this is not a substitute for patching.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today