Buffer Overflow in TOTOLINK A702R, A3002R and A3002RU Products
CVE-2025-4834

8.7HIGH

Key Information:

Vendor: Totolink
Status: A702r; A3002r; A3002ru
Vendor: CVE Published:; 17 May 2025

What is CVE-2025-4834?

A vulnerability exists in certain TOTOLINK router models that allows for a buffer overflow due to improper handling of the HTTP POST request in the formSetLg function. This flaw can be exploited via remote access, enabling attackers to manipulate the submit-url argument and potentially execute arbitrary code. Public disclosure of the exploit raises risks for vulnerable systems, emphasizing the need for immediate attention and mitigation strategies.

Affected Version(s)

A3002R 3.0.0-B20230809.1615

A3002RU 3.0.0-B20230809.1615

A702R 3.0.0-B20230809.1615

References

https://vuldb.com/?id.309300

vdb-entrytechnical-description

https://vuldb.com/?ctiid.309300

signaturepermissions-required

https://vuldb.com/?submit.574607

third-party-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 17, 2025
Vulnerability Reserved
May 16, 2025

Credit

DaddyShark (VulDB User)

Totolink

What is CVE-2025-4834?

Affected Version(s)

References

CVSS V4

Timeline

Credit