What is the CVSS score of CVE-2025-6164?

CVE-2025-6164 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.6%.

Which versions of A3002r Firmware are affected by CVE-2025-6164?

A critical remote code execution vulnerability exists in TOTOLINK A3002R routers affecting organizations using this network equipment for internet connectivity or network management.

Is there a public PoC exploit available for CVE-2025-6164?

Yes, a public proof-of-concept exploit is available for CVE-2025-6164. Prioritise patching immediately. EPSS: 0.6%.

How to fix or mitigate CVE-2025-6164?

Within 24 hours: Identify all TOTOLIK A3002R devices (version 4.0.0-B20230531.1404) in your environment and isolate affected units from critical network segments if possible. Within 7 days: Implement WAF rules to block POST requests to /boafrm/formMultiAP endpoint and restrict HTTP access to these devices to trusted administrative networks only. Within 30 days: Plan replacement or upgrade of affected TOTOLIK devices to patched firmware versions when vendor releases updates, and monitor TOTOLIK security advisories daily.

A3002r Firmware CVE-2025-6164

EUVD-2025-18482 HIGH

Buffer Overflow (CWE-119)

2025-06-17 cna@vuldb.com

Buffer Overflow TP-Link A3002r Firmware TOTOLINK

8.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.8 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 22:15 euvd

EUVD-2025-18482

Analysis Generated

Mar 14, 2026 - 22:15 vuln.today

PoC Detected

Jun 23, 2025 - 19:01 vuln.today

Public exploit code

CVE Published

Jun 17, 2025 - 06:15 nvd

HIGH 8.8

DescriptionCVE.org

A vulnerability was found in TOTOLINK A3002R 4.0.0-B20230531.1404. It has been classified as critical. This affects an unknown part of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

Critical buffer overflow vulnerability in TOTOLINK A3002R router firmware version 4.0.0-B20230531.1404, affecting the HTTP POST request handler in the /boafrm/formMultiAP endpoint. An authenticated attacker can exploit improper input validation on the 'submit-url' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code is available, increasing real-world exploitation risk.

Technical ContextAI

The vulnerability exists in the HTTP POST request handler component of TOTOLINK's web-based management interface. The affected endpoint /boafrm/formMultiAP fails to properly validate or bound-check the 'submit-url' parameter before processing it, leading to a classic stack or heap-based buffer overflow (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer). This is a common vulnerability class in embedded device firmware where legacy C code lacks modern memory safety protections. TOTOLINK A3002R is a residential WiFi router (CPE: cpe:2.7:a:totolink:a3002r:4.0.0:b20230531.1404:*:*:*:*:*:*) running embedded Linux with a web management interface. The lack of ASLR, stack canaries, or DEP protections typical in budget router firmware makes exploitation straightforward once buffer boundaries are identified.

RemediationAI

Immediate: (1) If TOTOLINK has issued a firmware patch, upgrade to the latest stable version (check support.totolink.net or regional support sites for build dates post-May 2023); (2) If no official patch exists, implement network-level mitigation: restrict access to router management interface (port 80/443) to trusted IP addresses only via firewall rules; (3) Disable remote management features if not required; (4) Change default credentials and enforce strong authentication. Short-term: Monitor TOTOLINK advisory channels for security bulletins. Long-term: Consider device replacement with vendors demonstrating active security patching practices. If source code or detailed advisory emerges, WAF rules blocking oversized or malformed 'submit-url' parameters may provide temporary boundary protection, though this is not a substitute for patching.

CVE-2025-6164 vulnerability details – vuln.today

Back

A3002r Firmware CVE-2025-6164

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code