PT-2025-20905 · Totolink · Totolink A3002Ru

Jiangxiazhe · Published 2025-05-13 · Updated 2025-06-16 · CVE-2025-45859

CVSS v3.1: 5.4 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3002R version 4.0.0-B20230531.1404
Description: The issue is a buffer overflow in the formMapDelDevice interface of the TOTOLINK A3002R router firmware. It occurs because the length of input data is not checked, which a remote attacker can exploit to affect the confidentiality and integrity of protected information. The overflow is specifically triggered through the bandstr parameter of the formMapDelDevice interface.
Recommendations: For TOTOLINK A3002R version 4.0.0-B20230531.1404, as a temporary workaround, consider disabling the formMapDelDevice interface until a patch is available. Restrict access to the bandstr parameter of the formMapDelDevice interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
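As an added illustration (not the TOTOLINK firmware's code, which is not on this page), the C sketch below shows the kind of size check the description says is missing: a form parameter such as bandstr is only copied into a fixed-size buffer after its length has been verified against that buffer, and an oversized or absent value causes the request to be refused. The handler name, buffer size and status codes are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical upper bound on an accepted band string (assumption). */
#define BANDSTR_MAX 31

/* Outcome of validating one form parameter. */
enum param_status { PARAM_OK = 0, PARAM_MISSING = 1, PARAM_TOO_LONG = 2 };

/* Copy a form parameter into a fixed-size buffer, refusing any value that
 * would not fit together with its terminating NUL. An unbounded copy such
 * as strcpy(dst, value) is the pattern that produces the overflow described
 * in the advisory; the explicit length check below prevents it. */
enum param_status copy_param_bounded(const char *value, char *dst, size_t dst_size)
{
    if (value == NULL)
        return PARAM_MISSING;

    /* Measure the value without ever scanning past dst_size bytes. */
    size_t len = 0;
    while (len < dst_size && value[len] != '\0')
        len++;

    if (len >= dst_size)          /* no room for the NUL: reject, do not truncate */
        return PARAM_TOO_LONG;

    memcpy(dst, value, len + 1);  /* len + 1 <= dst_size, so this cannot overflow */
    return PARAM_OK;
}

/* Hypothetical request handler in the shape of a "delete device from map"
 * form: bandstr is validated before anything else happens. The status is
 * returned so the caller can log and refuse the request. */
enum param_status handle_map_del_device(const char *bandstr)
{
    char band[BANDSTR_MAX + 1];
    enum param_status st = copy_param_bounded(bandstr, band, sizeof band);
    if (st != PARAM_OK)
        return st;                /* request rejected; the device map is untouched */

    /* ... the real handler would act on 'band' here ... */
    return PARAM_OK;
}
```

The handler returns a status rather than a copied buffer so that a caller can log rejected requests as a detection signal for attempts against this parameter.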

Exploit

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-05835
CVE-2025-45859

Affected Products

Totolink A3002Ru