CVE-2025-4823

TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formReflashClientTbl submit-url buffer overflow

CVSS 8.7 HIGHEPSS 0.7%CWE-119 CWE-120

A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. It has been rated as critical. Affected by this issue is the function submit-url of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Produtos afetados

TOTOLINK · A3002R TOTOLINK · A3002RU TOTOLINK · A702R

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/CH13hh/tmp_store_cc/blob/main/toto/1.md https://vuldb.com/?ctiid.309284 https://vuldb.com/?id.309284 https://vuldb.com/?submit.574593 https://www.totolink.net/