CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description (NVD)
A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615/4.0.0-B20230531.1404. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Analysis (AI)
CVE-2025-6337 is a critical buffer overflow in TOTOLINK A3002R and A3002RU routers running firmware 3.0.0-B20230809.1615 and 4.0.0-B20230531.1404. An attacker holding any valid web UI login (CVSS PR:L, no elevated role needed) can send an HTTP POST to /boafrm/formTmultiAP with an oversized 'submit-url' value and overflow a fixed-size buffer in the handler. The CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (base score 8.8) rates the impact as complete loss of confidentiality, integrity and availability, i.e. the overflow is treated as reaching code execution on the device. The attack works over the network with low complexity, and exploit code has been publicly disclosed.
Technical Context (AI)
The flaw sits in the HTTP POST request handler of TOTOLINK's web administration interface, at the /boafrm/formTmultiAP endpoint (the /boafrm/ prefix is the form-handler namespace of the device's embedded web server). The 'submit-url' form parameter is copied into a fixed-size buffer without its length being checked against that buffer, the classic CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) condition; the NVD entry does not say whether the buffer lives on the stack or the heap, only that the overflow is reachable from the request. The A3002R and A3002RU are consumer-grade dual-band WiFi routers typically deployed in small office/home office (SOHO) networks. Reaching the endpoint requires a valid web UI login but no elevated role (CVSS PR:L), and any code execution obtained through the overflow runs with the privileges of the embedded web server process on the router.
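The CWE-119 pattern described above, shown as an added example beside its bounded fix. This is not TOTOLINK's code and not from the advisory: the buffer size (64 bytes), the simulated memory layout with a canary after the buffer, the function names, the `form_get` stand-in for the firmware's form-variable lookup and the second `wlan_id` field in the constructed POST body are all assumptions made for illustration. The vulnerable handler copies the value without comparing its length to the buffer, so anything past byte 64 lands on the canary; the hardened handler rejects over-long values before copying.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SUBMIT_URL_BUF 64          /* assumed buffer size; the real one is unknown */
#define CANARY 0xDEADBEEFu         /* stands in for whatever follows the buffer in memory */

struct frame_sim {
    char submit_url[SUBMIT_URL_BUF];
    unsigned int canary;
};

/* Hypothetical stand-in for the firmware's form-variable lookup:
   finds key in a "k=v&k=v" body, returns a pointer to the value and its length. */
static const char *form_get(const char *body, const char *key, size_t *len_out)
{
    size_t klen = strlen(key);
    const char *p = body;

    while (p && *p) {
        if (strncmp(p, key, klen) == 0 && p[klen] == '=') {
            const char *v = p + klen + 1;
            const char *end = strchr(v, '&');
            *len_out = end ? (size_t)(end - v) : strlen(v);
            return v;
        }
        p = strchr(p, '&');
        if (p)
            p++;
    }
    return NULL;
}

static void frame_init(struct frame_sim *f)
{
    memset(f->submit_url, 0, sizeof f->submit_url);
    f->canary = CANARY;
}

/* CWE-119 pattern: len is never compared to SUBMIT_URL_BUF, so a long
   submit-url overwrites whatever follows the buffer. */
static int vulnerable_form_tmulti_ap(struct frame_sim *f, const char *body)
{
    size_t len;
    const char *v = form_get(body, "submit-url", &len);
    if (!v)
        return -1;
    /* Demo guard only: the vulnerable code has no cap at all. It exists so the
       simulation never writes outside the struct (undefined behaviour). */
    if (len > sizeof *f)
        len = sizeof *f;
    memcpy((char *)f, v, len);     /* copies len bytes starting at submit_url[0] */
    return (int)len;
}

/* Hardened form: reject over-long values before copying and keep room for the NUL. */
static int hardened_form_tmulti_ap(struct frame_sim *f, const char *body)
{
    size_t len;
    const char *v = form_get(body, "submit-url", &len);
    if (!v)
        return -1;
    if (len >= SUBMIT_URL_BUF)
        return -2;                 /* reject the request instead of silently truncating */
    memcpy(f->submit_url, v, len);
    f->submit_url[len] = '\0';
    return (int)len;
}

/* Builds a constructed POST body whose submit-url is url_len 'A's, runs one handler,
   returns its return code and reports whether the canary survived. */
static int run_request(int hardened, size_t url_len, int *intact)
{
    char body[256];
    struct frame_sim f;
    size_t n;
    int rc;

    if (url_len > 200)             /* keep the constructed body inside its own buffer */
        url_len = 200;
    n = (size_t)snprintf(body, sizeof body, "submit-url=");
    memset(body + n, 'A', url_len);
    n += url_len;
    snprintf(body + n, sizeof body - n, "&wlan_id=1");   /* made-up second field */

    frame_init(&f);
    rc = hardened ? hardened_form_tmulti_ap(&f, body)
                  : vulnerable_form_tmulti_ap(&f, body);
    *intact = (f.canary == CANARY);
    return rc;
}

int handler_rc(int hardened, size_t url_len)
{
    int intact;
    return run_request(hardened, url_len, &intact);
}

int canary_survives(int hardened, size_t url_len)
{
    int intact;
    run_request(hardened, url_len, &intact);
    return intact;
}

int main(void)
{
    size_t lens[] = { 10, 63, 64, 65, 100 };
    size_t i;
    for (i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("submit-url len %3zu: vulnerable rc=%3d canary %s | hardened rc=%3d canary %s\n",
               lens[i], handler_rc(0, lens[i]), canary_survives(0, lens[i]) ? "intact" : "CLOBBERED",
               handler_rc(1, lens[i]), canary_survives(1, lens[i]) ? "intact" : "CLOBBERED");
    return 0;
}
```

With a 65-byte value the vulnerable handler already corrupts the first byte past the buffer while the hardened one returns -2 and leaves the frame untouched; the practical lesson for reviewing form handlers of this kind is that every copy from a request value into fixed storage needs the length check on the request side, not a larger buffer.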
Remediation (AI)
Immediate actions: (1) Check TOTOLINK's support site and security advisories for firmware that addresses CVE-2025-6337 on the A3002R and A3002RU; the affected builds are 3.0.0-B20230809.1615 and 4.0.0-B20230531.1404, so any device at those versions is in scope. (2) If fixed firmware exists, install it on every affected device through the router's firmware upgrade page, using only an image downloaded from TOTOLINK. (3) If no fix exists, reduce exposure: disable remote (WAN-side) administration, restrict the web UI to trusted internal addresses with firewall rules, and replace any default or shared admin password, since the attack needs only a valid login (PR:L). (4) Watch for POST requests to /boafrm/formTmultiAP carrying an unusually long submit-url value; consumer routers rarely log individual requests, so this is normally done by capturing traffic to the management port from a monitoring point rather than from the router's own logs. (5) If patching is not possible, move the router's management interface onto an isolated VLAN or segment reachable only from administrative hosts. Every workaround rests on the login being the sole barrier: a leaked or default credential, or a separate authentication bypass, turns this into an unauthenticated remote compromise, so patching is strongly preferred.
Related identifier (EUVD): EUVD-2025-28720