Unrated severityNVD Advisory· Published May 17, 2025· Updated May 19, 2025

TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formReflashClientTbl submit-url buffer overflow

CVE-2025-4823

Description

A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. It has been rated as critical. Affected by this issue is the function submit-url of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Affected products

Totolink/A3002RUllm-fuzzy
Range: = 3.0.0-B20230809.1615
Totolink/A702Rllm-fuzzy
Range: = 3.0.0-B20230809.1615
TOTOLINK/A3002Rv5
Range: 3.0.0-B20230809.1615
TOTOLINK/A3002RUv5
Range: 3.0.0-B20230809.1615
TOTOLINK/A702Rv5
Range: 3.0.0-B20230809.1615

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/CH13hh/tmp_store_cc/blob/main/toto/1.mdmitreexploit
vuldb.commitrethird-party-advisory
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entrytechnical-description
www.totolink.netmitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000