EUVD-2025-17014

CVE-2025-5672 | HIGH | 8.8 (CVSS 3.1)
2025-06-05 [email protected]

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 14, 2026 - 17:53 (vuln.today)
EUVD ID Assigned: Mar 14, 2026 - 17:53 (euvd), EUVD-2025-17014
CVE Published: Jun 05, 2025 - 18:15 (nvd), HIGH 8.8

Description

A vulnerability has been found in TOTOLINK N302R Plus up to 3.4.0-B20201028 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Analysis

This is a critical remote buffer overflow vulnerability in TOTOLINK N302R Plus routers up to version 3.4.0-B20201028, affecting the HTTP POST request handler for the /boafrm/formFilter endpoint. An authenticated attacker can exploit it remotely by manipulating the 'url' parameter to overflow a buffer, resulting in complete compromise of confidentiality, integrity, and availability. The exploit has been publicly disclosed, and the vulnerability represents an active real-world threat to deployed TOTOLINK router infrastructure.

Technical Context

The vulnerability exists in the HTTP POST request handler component of TOTOLINK N302R Plus firmware, specifically in the /boafrm/formFilter endpoint. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic buffer overflow condition. The 'url' parameter passed to this endpoint lacks proper input validation and bounds checking, allowing an attacker to write arbitrary data beyond allocated buffer boundaries. This affects embedded firmware running on MIPS-based routing hardware. The vulnerability manifests in the web administrative interface, which processes form-based requests. CPE identification: cpe:2.3:o:totolink:n302r_plus_firmware:*:*:*:*:*:*:*:* (versions up to 3.4.0-B20201028).

Affected Products

N302R Plus (Up to and including 3.4.0-B20201028)

Priority Score

44
KEV: 0
EPSS: +0.2
CVSS: +44
POC: 0
