A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWlanRedirect of the component HTTP POST Request Handler. The manipulation of the argument redirect-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 23 May 2025 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Totolink
Totolink a3002r
Totolink a3002r Firmware
Totolink a3002ru
Totolink a3002ru Firmware
Totolink a702r
Totolink a702r Firmware
CPEs cpe:2.3:h:totolink:a3002r:-:*:*:*:*:*:*:*
cpe:2.3:h:totolink:a3002ru:-:*:*:*:*:*:*:*
cpe:2.3:h:totolink:a702r:-:*:*:*:*:*:*:*
cpe:2.3:o:totolink:a3002r_firmware:3.0.0-b20230809.1615:*:*:*:*:*:*:*
cpe:2.3:o:totolink:a3002ru_firmware:3.0.0-b20230809.1615:*:*:*:*:*:*:*
cpe:2.3:o:totolink:a702r_firmware:3.0.0-b20230809.1615:*:*:*:*:*:*:*
Vendors & Products Totolink
Totolink a3002r
Totolink a3002r Firmware
Totolink a3002ru
Totolink a3002ru Firmware
Totolink a702r
Totolink a702r Firmware

Mon, 19 May 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sat, 17 May 2025 19:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWlanRedirect of the component HTTP POST Request Handler. The manipulation of the argument redirect-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Title TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formWlanRedirect buffer overflow
Weaknesses CWE-119
CWE-120
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-05-19T14:42:37.586Z

Reserved: 2025-05-16T14:23:51.620Z

Link: CVE-2025-4835

cve-icon Vulnrichment

Updated: 2025-05-19T14:42:34.262Z

cve-icon NVD

Status : Analyzed

Published: 2025-05-17T20:15:19.397

Modified: 2025-05-23T15:50:01.543

Link: CVE-2025-4835

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.