EUVD-2025-18906

CVE-2025-6487 | HIGH | 8.8 (CVSS 3.1)
2025-06-22

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 15, 2026 - 21:55 (vuln.today)
EUVD ID Assigned: Mar 15, 2026 - 21:55 (euvd) - EUVD-2025-18906
PoC Detected: Jul 07, 2025 - 18:50 (vuln.today) - public exploit code
CVE Published: Jun 22, 2025 - 18:15 (nvd) - HIGH 8.8

Description

A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been rated as critical. This issue affects the function formRoute of the file /boafrm/formRoute. The manipulation of the argument subnet leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Analysis

CVE-2025-6487 is a critical stack-based buffer overflow in TOTOLINK A3002R router firmware version 1.1.1-B20200824.0128, located in the formRoute function's handling of the subnet parameter. An authenticated remote attacker can exploit it to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. Public exploit code has been disclosed, so the flaw should be treated as actively exploitable.

Technical Context

This vulnerability exists in the web-based router management interface of TOTOLINK A3002R, specifically in the /boafrm/formRoute endpoint which handles routing configuration. The vulnerability is rooted in CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic stack-based buffer overflow where the subnet parameter is not properly validated before being written to a fixed-size stack buffer. The affected device is a residential WiFi router (802.11n/ac), and the vulnerable code path is likely in embedded C/C++ firmware handling HTTP form submissions. The attack surface includes the router's administrative web interface, which typically runs as root with high privileges.

Affected Products

A3002R, firmware 1.1.1-B20200824.0128

Remediation

Patch: Check the TOTOLINK support website for firmware updates beyond 1.1.1-B20200824.0128. Contact TOTOLINK directly for security update availability and timeline.
Priority: Critical - apply immediately upon availability.

Workaround: Restrict access to the router's administrative interface:
(1) Change the default admin credentials to a strong, unique password.
(2) Disable remote management/WAN access to the web interface.
(3) Use firewall rules to restrict access to /boafrm/formRoute to trusted IPs only.
(4) Disable guest WiFi or isolate the guest network with ACLs.
(5) Update the router to the most recent firmware version released before this CVE was discovered (if newer versions exist).
Effectiveness: Reduces the attack surface but does not eliminate the vulnerability.

Network Mitigation: Deploy network segmentation to isolate router management traffic. Implement WAF/IDS rules to detect malformed subnet parameters in HTTP POST requests to /boafrm/formRoute. Monitor router logs for unusual POST requests to this endpoint.
Effectiveness: Medium - may detect but not prevent exploitation.

Device Replacement: If a patch is unavailable or delayed, consider replacing the TOTOLINK A3002R with an alternative router from a vendor with active security support.
Effectiveness: Eliminates the risk entirely.
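The WAF/IDS check suggested above, as an added illustration that is not code from vuln.today, TOTOLINK or the advisory: it flags POST requests to /boafrm/formRoute whose subnet field is not a well-formed IPv4 address, mask or CIDR. It assumes the form field is literally named subnet, that 18 characters bound any legitimate value, and the sample requests are constructed.

```python
import ipaddress
from urllib.parse import parse_qs

TARGET_PATH = "/boafrm/formRoute"   # endpoint named in the advisory
FIELD = "subnet"                     # vulnerable argument named in the advisory
# Assumed cap: the longest well-formed IPv4 CIDR, "255.255.255.255/32", is 18 chars.
MAX_LEN = 18


def subnet_is_well_formed(value: str) -> bool:
    """True only for a dotted-quad address/mask or an IPv4 CIDR of sane length."""
    if len(value) > MAX_LEN:
        return False
    try:
        if "/" in value:
            ipaddress.IPv4Network(value, strict=False)
        else:
            ipaddress.IPv4Address(value)
    except ValueError:
        return False
    return True


def inspect_request(method: str, path: str, body: str) -> str:
    """Return 'ignore' (not the target endpoint), 'ok', or 'alert: <reason>'."""
    if method.upper() != "POST" or path.split("?", 1)[0] != TARGET_PATH:
        return "ignore"
    # parse_qs percent-decodes, so encoded input is judged on its decoded form
    for value in parse_qs(body, keep_blank_values=True).get(FIELD, []):
        if value and not subnet_is_well_formed(value):
            return f"alert: {FIELD} value of {len(value)} bytes is not an IPv4 mask/CIDR"
    return "ok"


# Constructed sample traffic (not captured from a real device); the last path is made up.
SAMPLE_REQUESTS = [
    ("POST", "/boafrm/formRoute", "subnet=255.255.255.0&gateway=192.168.0.1"),
    ("POST", "/boafrm/formRoute", "subnet=192.168.10.0%2F24"),
    ("POST", "/boafrm/formRoute", "subnet=" + "A" * 600 + "&gateway=192.168.0.1"),
    ("GET", "/boafrm/formRoute", ""),
    ("POST", "/boafrm/formExample", "subnet=" + "A" * 600),
]


def scan(requests=SAMPLE_REQUESTS):
    """Return the indices of requests that raised an alert."""
    return [i for i, r in enumerate(requests) if inspect_request(*r).startswith("alert")]


if __name__ == "__main__":
    for i, r in enumerate(SAMPLE_REQUESTS):
        print(i, r[0], r[1], inspect_request(*r))
```

A value that decodes to more than 18 bytes, or to anything that is not an IPv4 address or network, trips the alert; a real deployment would also log the source IP for the firewall rule in workaround (3).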

Priority Score

64 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.2
CVSS: +44
POC: +20


EUVD-2025-18906 vulnerability details – vuln.today
