CVE-2025-6149

Name of the Vulnerable Software and Affected Versions TOTOLINK A3002R version 4.0.0-B20230531.1404

Description A critical vulnerability has been found in the HTTP POST Request Handler component of the affected software. The issue is related to the manipulation of the submit-url argument, which leads to a buffer overflow. This can be exploited remotely. The exploit has been disclosed publicly.

Recommendations For TOTOLINK A3002R version 4.0.0-B20230531.1404, as a temporary workaround, consider restricting access to the /boafrm/formSysLog file and the submit-url argument in the HTTP POST Request Handler to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.