Buffer Overflow Vulnerability in TOTOlink A3002R Router
CVE-2025-25609
8 HIGH
Summary
The TOTOlink A3002R router, specifically version V1.1.1-B20200824.0128, is vulnerable to a buffer overflow caused by inadequate input validation of the static_ipv6 parameter in the formIpv6Setup interface. An attacker can potentially use this flaw to manipulate memory, leading to unauthorized access or disruption of services. Users of this product should review and apply the necessary security patches to mitigate the risk associated with this vulnerability.
CVSS V3.1
Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved