PT-2025-9130 · Totolink · Totolink A3002Ru

Published

2025-02-28

Updated

2025-03-02

CVE-2025-25610

CVSS v3.1

8.0

High

Vector

AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TOTOlink A3002R version V1.1.1-B20200824.0128

Description The issue arises from a buffer overflow due to improper input validation of the static gw parameter in the formIpv6Setup interface of the /bin/boa endpoint.

Recommendations For TOTOlink A3002R version V1.1.1-B20200824.0128, avoid using the static gw parameter in the formIpv6Setup interface of the /bin/boa endpoint until the issue is resolved. Restrict access to the /bin/boa endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

CVE-2025-25610

Affected Products

Totolink A3002Ru

PT-2025-9130 · Totolink · Totolink A3002Ru

CVE-2025-25610

Weakness Enumeration

Related Identifiers

Affected Products

References · 6