Buffer Overflow Vulnerability in TOTOLINK A3002RU Router
CVE-2025-6148

8.8HIGH

Key Information:

Vendor: TOTOLINK
Status: A3002RU Router
Vendor: CVE Published:; 17 June 2025

What is CVE-2025-6148?

A severe vulnerability has been discovered in the TOTOLINK A3002RU Router, specifically affecting version 3.0.0-B20230809.1615. This flaw resides within the HTTP POST Request Handler, where improper handling of the submit-url argument can lead to a buffer overflow. Attackers may exploit this vulnerability remotely, allowing unauthorized access and manipulation of the device. It is crucial for users to remain vigilant and apply any available updates to mitigate potential risks.

References

https://github.com/Lena-lyy/cve/blob/main/5.md

https://github.com/Lena-lyy/cve/blob/main/5.md#poc

https://vuldb.com/?ctiid.312623

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2025