Skip to main content

A3002ru Firmware CVE-2025-6337

| EUVDEUVD-2025-28720 HIGH
Buffer Overflow (CWE-119)
2025-06-20 cna@vuldb.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
EUVD ID Assigned
Mar 15, 2026 - 00:19 euvd
EUVD-2025-28720
Analysis Generated
Mar 15, 2026 - 00:19 vuln.today
PoC Detected
Aug 01, 2025 - 22:18 vuln.today
Public exploit code
CVE Published
Jun 20, 2025 - 12:15 nvd
HIGH 8.8

DescriptionCVE.org

A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615/4.0.0-B20230531.1404. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

CVE-2025-6337 is a critical buffer overflow vulnerability in TOTOLINK A3002R and A3002RU routers affecting versions 3.0.0-B20230809.1615 and 4.0.0-B20230531.1404. An authenticated attacker can exploit the 'submit-url' parameter in the /boafrm/formTmultiAP HTTP POST handler to achieve remote code execution with complete system compromise (confidentiality, integrity, and availability). Public exploit code exists and the vulnerability is exploitable over the network with low complexity.

Technical ContextAI

The vulnerability exists in the HTTP POST request handler component of TOTOLINK's web administration interface, specifically in the /boafrm/formTmultiAP endpoint. The affected parameter 'submit-url' is improperly validated before being written to a fixed-size buffer, resulting in a classic CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) condition. TOTOLINK A3002R/RU are consumer-grade dual-band WiFi routers commonly deployed in small office/home office (SOHO) environments. The vulnerability exists in the router's web UI authentication framework, requiring an attacker to first authenticate but not requiring elevated privileges (L privilege level). The flaw allows stack-based or heap-based buffer overflow depending on implementation, enabling arbitrary code execution with router privileges.

RemediationAI

Immediate actions: (1) Check TOTOLINK's official website and security advisory page for patched firmware versions addressing CVE-2025-6337 for A3002R and A3002RU models. (2) If patches are available, update both affected devices immediately via the router's web UI (Settings > Firmware Update) or manual upload of signed firmware binaries. (3) If no patches exist, implement network-level mitigations: disable remote administration access, restrict web UI access to trusted internal IPs only via firewall rules, and enforce strong authentication credentials (change default admin password immediately). (4) Monitor router logs for unauthorized access attempts to /boafrm/formTmultiAP endpoint. (5) Consider isolating affected routers to separate VLAN or network segment if patches are unavailable. Workarounds are limited due to authentication bypass risk; patching is strongly preferred.

CVE-2024-34198 CRITICAL POC
9.8 Aug 28

TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. Rated critical severity

CVE-2018-13316 CRITICAL POC
9.8 Nov 27

System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands vi

CVE-2018-13314 CRITICAL POC
9.8 Nov 27

System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands vi

CVE-2018-13307 CRITICAL POC
9.8 Nov 27

System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via th

CVE-2018-13306 CRITICAL POC
9.8 Nov 27

System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via t

CVE-2018-13315 CRITICAL POC
9.8 Nov 26

Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin use

CVE-2025-6393 HIGH POC
8.8 Jun 21

CVE-2025-6393 is a critical buffer overflow vulnerability in the HTTP POST request handler of TOTOLINK routers affecting

CVE-2025-6163 HIGH POC
8.8 Jun 17

Critical buffer overflow vulnerability in TOTOLINK A3002RU routers (version 3.0.0-B20230809.1615 and potentially others)

CVE-2025-6148 HIGH POC
8.8 Jun 17

Critical remote buffer overflow vulnerability in TOTOLINK A3002RU firmware version 3.0.0-B20230809.1615 affecting the HT

CVE-2025-6953 HIGH POC
8.8 Jul 01

A vulnerability, which was classified as critical, was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an un

CVE-2026-26736 HIGH POC
8.8 Feb 17

Stack-based buffer overflow in TOTOLIK A3002RU firmware versions up to V3.0.0-B20220304.1804 allows authenticated attack

CVE-2025-6939 HIGH POC
8.8 Jul 01

A vulnerability classified as critical has been found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown f

Share

CVE-2025-6337 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy