CVE-2025-6400

EUVD-2025-18805 | HIGH | CVSS 3.1: 8.8 | 2025-06-21

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 15, 2026 - 21:35 (vuln.today)
EUVD ID Assigned: Mar 15, 2026 - 21:35 (euvd), EUVD-2025-18805
PoC Detected: Jun 25, 2025 - 20:13 (vuln.today), public exploit code
CVE Published: Jun 21, 2025 - 06:15 (nvd), HIGH 8.8

Description

A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formPortFw of the component HTTP POST Message Handler. The manipulation of the argument service_type leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Analysis

CVE-2025-6400 is a critical buffer overflow vulnerability in TOTOLINK N300RH router firmware version 6.1c.1390_B20191101, exploitable via HTTP POST requests to the /boafrm/formPortFw endpoint through manipulation of the service_type parameter. An authenticated attacker can remotely trigger this vulnerability to achieve complete system compromise (confidentiality, integrity, and availability). Public exploit code is available, and the disclosed PoC combined with remote exploitability from an authenticated state means the vulnerability meets the criteria for active exploitation risk.

Technical Context

The vulnerability exists in the HTTP POST message handler component of TOTOLINK's web management interface, specifically in the port forwarding configuration endpoint (/boafrm/formPortFw). The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic buffer overflow flaw where user-supplied input in the 'service_type' parameter is not properly validated before being written to a fixed-size buffer on the stack or heap. The affected product is a residential WiFi router running a proprietary firmware stack with a web-based management interface. The HTTP POST handler parses incoming form data without adequate bounds checking, allowing an authenticated user to overflow adjacent memory regions and potentially achieve arbitrary code execution or denial of service.

Affected Products

TOTOLINK N300RH router running firmware version 6.1c.1390_B20191101 and potentially earlier/related versions. CPE string: cpe:2.3:o:totolink:n300rh_firmware:6.1c.1390_b20191101:*:*:*:*:*:*:*. The N300RH is a 300 Mbps wireless router intended for residential and small office use. Related TOTOLINK product lines sharing similar firmware architectures may also be vulnerable, though this specific CVE references only the N300RH version noted.

Remediation

Immediate actions:
(1) TOTOLINK should release a patched firmware version addressing the buffer overflow in the formPortFw handler; no specific patch version is referenced in available data, requiring vendor contact for timeline.
(2) Users should disable remote management/web access if not required, restricting web interface access to local LAN only via firewall rules.
(3) Implement strong authentication (change default credentials) to reduce risk from credential-based attacks.
(4) Monitor for suspicious POST requests to the /boafrm/formPortFw endpoint.
(5) Consider replacing the router with an alternative vendor if TOTOLINK cannot provide a timely patch.
(6) If web management must be exposed, place it behind a VPN or firewall restricting access to trusted IPs.
Contact TOTOLINK support directly for patch availability and release timelines; as of this analysis, no public patch link is confirmed.
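The monitoring and access-restriction steps above can be checked against captured management traffic. The following is an added example, not code from this page's source or from TOTOLINK; the LAN range, the 32-byte review threshold and the sample requests are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/boafrm/formPortFw"            # endpoint named in the advisory
PARAM = "service_type"                     # parameter named in the advisory
LAN = ipaddress.ip_network("192.168.0.0/24")  # ASSUMPTION: trusted management LAN
MAX_LEN = 32  # ASSUMPTION: review threshold; the page does not give the buffer size


def inspect_request(src_ip: str, raw: bytes) -> list[str]:
    """Return reasons a captured HTTP request needs review (empty list = none)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split()
    if len(parts) < 2:
        return []  # not a parseable request line
    method, target = parts[0], parts[1]
    if method.upper() != "POST" or urlsplit(target).path != ENDPOINT:
        return []  # only the port-forwarding handler is in scope
    findings = []
    if ipaddress.ip_address(src_ip) not in LAN:
        findings.append("management endpoint reached from outside the LAN")
    # latin-1 maps bytes 1:1, so len() of a decoded value is its byte length
    fields = parse_qs(body.decode("latin-1"), keep_blank_values=True,
                      encoding="latin-1")
    for value in fields.get(PARAM, []):
        if len(value) > MAX_LEN:
            findings.append(f"{PARAM} is {len(value)} bytes (limit {MAX_LEN})")
        if any(not 0x20 <= ord(ch) <= 0x7E for ch in value):
            findings.append(f"{PARAM} contains non-printable bytes")
    return findings


def sample_post(body: bytes) -> bytes:
    """Build a constructed sample request (not captured traffic)."""
    return (b"POST /boafrm/formPortFw HTTP/1.1\r\nHost: router.example\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n\r\n" + body)


SAMPLES = [  # constructed (source address, raw request) pairs
    ("192.168.0.10", sample_post(b"service_type=example")),
    ("192.168.0.10", sample_post(b"service_type=" + b"x" * 300)),
    ("203.0.113.7", sample_post(b"service_type=example")),
]

if __name__ == "__main__":
    for src, raw in SAMPLES:
        print(src, inspect_request(src, raw) or "ok")
```

Tune `MAX_LEN` to the longest value the port-forwarding form legitimately submits on your device; a finding is a prompt for review, not proof of an attack.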

Priority Score

65 (KEV: 0, EPSS: +0.5, CVSS: +44, POC: +20)
