CVE-2025-25635

Published: Feb 28, 2025Modified: Oct 2, 2025

8.0

Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.1 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the pppoe_dns1 parameter in the formIpv6Setup interface of /bin/boa.

Affected (1)

Products: Totolink: A3002r Firmware

Totolink

1 product

A3002r Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink A3002r Firmware	Version 1.1.1-b20200824.0128

Running on/with	Platform Versions
Totolink A3002r	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (1)

https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/ToTolink/TOTOLINK-A3002R-formIpv6Setup-pppoe_dns1.md

Source: cve@mitre.org

ExploitThird Party Advisory

Timeline

No history available yet.