PT-2025-44659 · Totolink · Totolink Lr350

Published: 2025-10-31 · Updated: 2025-11-01 · CVE-2025-63463

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Totolink LR350 version 9.3.5u.6369 B20220309

Description: The software contains a stack overflow issue via the wifiOff parameter in the sub 4232EC function. This allows attackers to cause a Denial of Service (DoS) through a crafted request.

Recommendations: Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the sub 4232EC function until a patch is available. Avoid using the wifiOff parameter in requests to the affected device until the issue is resolved.

Exploit

Fix

DoS

Stack Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-13837
CVE-2025-63463

Affected Products

Totolink Lr350