Skip to main content

N302r Plus Firmware

3 CVEs product

Monthly

CVE-2025-5672 HIGH This Week

Critical remote buffer overflow vulnerability in TOTOLINK N302R Plus routers up to version 3.4.0-B20201028, affecting the HTTP POST request handler in the /boafrm/formFilter endpoint. An authenticated attacker can remotely exploit this vulnerability by manipulating the 'url' parameter to achieve buffer overflow, resulting in complete compromise of confidentiality, integrity, and availability (CIA triad fully compromised). The vulnerability has public exploit disclosure and represents an active real-world threat to deployed TOTOLINK router infrastructure.

Buffer Overflow TP-Link RCE N302r Plus Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-5671 HIGH This Week

A critical buffer overflow vulnerability exists in TOTOLINK N302R Plus router firmware (versions up to 3.4.0-B20201028) in the HTTP POST request handler for the /boafrm/formPortFw endpoint. An authenticated remote attacker can exploit this by manipulating the 'service_type' parameter to cause buffer overflow, achieving remote code execution with high confidentiality, integrity, and availability impact. Public exploit code is available and the vulnerability shows strong indicators of active exploitation risk.

Buffer Overflow TP-Link RCE N302r Plus Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2020-25499 HIGH POC PATCH This Week

TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection A3002r Firmware A3002Ru V1 Firmware A3002Ru V2 Firmware A702R V2 Firmware +9
NVD GitHub
CVSS 3.1
8.8
EPSS
4.2%
EPSS 0% CVSS 8.8
HIGH This Week

Critical remote buffer overflow vulnerability in TOTOLINK N302R Plus routers up to version 3.4.0-B20201028, affecting the HTTP POST request handler in the /boafrm/formFilter endpoint. An authenticated attacker can remotely exploit this vulnerability by manipulating the 'url' parameter to achieve buffer overflow, resulting in complete compromise of confidentiality, integrity, and availability (CIA triad fully compromised). The vulnerability has public exploit disclosure and represents an active real-world threat to deployed TOTOLINK router infrastructure.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

A critical buffer overflow vulnerability exists in TOTOLINK N302R Plus router firmware (versions up to 3.4.0-B20201028) in the HTTP POST request handler for the /boafrm/formPortFw endpoint. An authenticated remote attacker can exploit this by manipulating the 'service_type' parameter to cause buffer overflow, achieving remote code execution with high confidentiality, integrity, and availability impact. Public exploit code is available and the vulnerability shows strong indicators of active exploitation risk.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 4% CVSS 8.8
HIGH POC PATCH This Week

TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection A3002r Firmware A3002Ru V1 Firmware +11
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy