Skip to main content

A3002ru Firmware EUVDEUVD-2025-18456

| CVE-2025-6148 HIGH
Buffer Overflow (CWE-119)
2025-06-17 cna@vuldb.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
EUVD ID Assigned
Mar 14, 2026 - 22:15 euvd
EUVD-2025-18456
Analysis Generated
Mar 14, 2026 - 22:15 vuln.today
PoC Detected
Jun 23, 2025 - 19:28 vuln.today
Public exploit code
CVE Published
Jun 17, 2025 - 01:15 nvd
HIGH 8.8

DescriptionCVE.org

A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

Critical remote buffer overflow vulnerability in TOTOLINK A3002RU firmware version 3.0.0-B20230809.1615 affecting the HTTP POST request handler for the /boafrm/formSysLog endpoint. An authenticated attacker can exploit this via manipulation of the submit-url parameter to achieve remote code execution with high confidentiality, integrity, and availability impact. The vulnerability has public exploit disclosure and represents an active threat to deployed devices.

Technical ContextAI

The vulnerability exists in the HTTP POST request handler component of TOTOLINK A3002RU, specifically in the /boafrm/formSysLog file processing logic. The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic buffer overflow condition where user-supplied input via the submit-url parameter is not properly validated or bounds-checked before being written to a fixed-size buffer. The TOTOLINK A3002RU is a wireless router (CPE likely: cpe:2.3:h:totolink:a3002ru:3.0.0-*). The affected component processes form data in the boaform CGI interface, a common web-based management interface in embedded networking devices. The manipulation occurs at the HTTP application layer, with insufficient input sanitization allowing an attacker to overflow stack or heap buffers and inject arbitrary code.

RemediationAI

Immediate remediation steps: (1) If available, update TOTOLINK A3002RU firmware to a patched version released after 3.0.0-B20230809.1615 (check TOTOLINK support portal at support.totolink.net for firmware updates); (2) As an interim mitigation, restrict HTTP access to the /boafrm/formSysLog endpoint via firewall rules or network segmentation to trusted administrative networks only; (3) Disable or restrict access to the web-based management interface if not actively used; (4) Change default credentials and enforce strong authentication if the device supports it; (5) Monitor for suspicious POST requests to /boafrm/formSysLog with unusual submit-url parameter values. Vendor advisory and patches should be obtained directly from TOTOLINK; check for advisory notices on their security page or contact support for available firmware patches.

CVE-2024-34198 CRITICAL POC
9.8 Aug 28

TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. Rated critical severity

CVE-2018-13316 CRITICAL POC
9.8 Nov 27

System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands vi

CVE-2018-13314 CRITICAL POC
9.8 Nov 27

System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands vi

CVE-2018-13307 CRITICAL POC
9.8 Nov 27

System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via th

CVE-2018-13306 CRITICAL POC
9.8 Nov 27

System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via t

CVE-2018-13315 CRITICAL POC
9.8 Nov 26

Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin use

CVE-2025-6393 HIGH POC
8.8 Jun 21

CVE-2025-6393 is a critical buffer overflow vulnerability in the HTTP POST request handler of TOTOLINK routers affecting

CVE-2025-6163 HIGH POC
8.8 Jun 17

Critical buffer overflow vulnerability in TOTOLINK A3002RU routers (version 3.0.0-B20230809.1615 and potentially others)

CVE-2025-6337 HIGH POC
8.8 Jun 20

CVE-2025-6337 is a critical buffer overflow vulnerability in TOTOLINK A3002R and A3002RU routers affecting versions 3.0.

CVE-2025-6953 HIGH POC
8.8 Jul 01

A vulnerability, which was classified as critical, was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an un

CVE-2026-26736 HIGH POC
8.8 Feb 17

Stack-based buffer overflow in TOTOLIK A3002RU firmware versions up to V3.0.0-B20220304.1804 allows authenticated attack

CVE-2025-6939 HIGH POC
8.8 Jul 01

A vulnerability classified as critical has been found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown f

Share

EUVD-2025-18456 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy