Buffer Overflow in TOTOLINK A3002R Router Firmware
CVE-2025-45866

5.4MEDIUM

Key Information:

Vendor

TOTOLINK

Status
Vendor
CVE Published:
13 May 2025

What is CVE-2025-45866?

The TOTOLINK A3002R router firmware version v4.0.0-B20230531.1404 has a buffer overflow vulnerability stemming from inadequate validation of the addrPoolEnd parameter within the formDhcpv6s interface. This oversight can be exploited by an attacker to execute arbitrary code, potentially compromising the device and the network it connects to.

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.