CVE-2025-6401

Name of the Vulnerable Software and Affected Versions: TOTOLINK N300RH version 6.1c.1390 B20191101

Description: A problematic issue was found in the HTTP POST Message Handler component, specifically affecting an unknown part of the file /boafrm/formFilter. The manipulation of the url argument leads to denial of service. The exploit has been disclosed to the public and may be used.

Recommendations: For TOTOLINK N300RH version 6.1c.1390 B20191101, consider restricting access to the /boafrm/formFilter file to minimize the risk of exploitation. As a temporary workaround, avoid using the url argument in the affected HTTP POST Message Handler until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.