Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been rated as critical. This issue affects the function formRoute of the file /boafrm/formRoute. The manipulation of the argument subnet leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
AnalysisAI
CVE-2025-6487 is a critical stack-based buffer overflow vulnerability in TOTOLINK A3002R router firmware version 1.1.1-B20200824.0128, affecting the formRoute function's subnet parameter processing. An authenticated remote attacker can exploit this to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability has public exploit disclosure and should be treated as actively exploitable.
Technical ContextAI
This vulnerability exists in the web-based router management interface of TOTOLINK A3002R, specifically in the /boafrm/formRoute endpoint which handles routing configuration. The vulnerability is rooted in CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic stack-based buffer overflow where the subnet parameter is not properly validated before being written to a fixed-size stack buffer. The affected device is a residential WiFi router (802.11n/ac), and the vulnerable code path is likely in embedded C/C++ firmware handling HTTP form submissions. The attack surface includes the router's administrative web interface, which typically runs as root with high privileges.
RemediationAI
Check TOTOLINK support website for firmware updates beyond 1.1.1-B20200824.0128. Contact TOTOLINK directly for security update availability and timeline.; priority: Critical - Apply immediately upon availability Workaround: Restrict access to router administrative interface: (1) Change default admin credentials to strong, unique password; (2) Disable remote management/WAN access to web interface; (3) Use firewall rules to restrict access to /boafrm/formRoute from trusted IPs only; (4) Disable guest WiFi or isolate guest network with ACLs; (5) Update router to most recent available firmware version before this CVE was discovered (if newer versions exist).; effectiveness: Reduces attack surface but does not eliminate vulnerability Network Mitigation: Deploy network segmentation to isolate router management traffic. Implement WAF/IDS rules to detect malformed subnet parameters in HTTP POST requests to /boafrm/formRoute. Monitor router logs for unusual POST requests to this endpoint.; effectiveness: Medium - may detect but not prevent exploitation Device Replacement: If patch is unavailable or delayed, consider replacing TOTOLINK A3002R with alternative router from vendor with active security support.; effectiveness: Eliminates risk entirely
More in A3002r Firmware
View allTOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr. Rated critical severit
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN_00459fdc f
TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vulnerable to Buffer Overflow. Rated critical severi
TOTOLINK A3002R v4.0.0-B20230531.1404 contains a buffer overflow vulnerability in /bin/boa via formParentControl. Rated
CVE-2025-6393 is a critical buffer overflow vulnerability in the HTTP POST request handler of TOTOLINK routers affecting
Critical buffer overflow vulnerability in TOTOLINK A3002R router firmware version 4.0.0-B20230531.1404, affecting the HT
Critical buffer overflow vulnerability in TOTOLINK A3002R firmware version 4.0.0-B20230531.1404 affecting the HTTP POST
CVE-2025-6337 is a critical buffer overflow vulnerability in TOTOLINK A3002R and A3002RU routers affecting versions 3.0.
CVE-2025-6486 is a critical stack-based buffer overflow vulnerability in TOTOLINK A3002R router firmware version 1.1.1-B
TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Remote Code Execution in /bin/boa via formWsc. Rated high severit
TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. Rated hig
TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. Rated high severity (CVSS 8.0), this vul
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-18906