CVE-2025-25635 — Classic Buffer Overflow in A3002r Firmware

CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

8.0HIGHNVD

EPSS

0.1%

top 75.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Totolink A3002r Firmware

Timeline

PublishedFeb 28

Description

TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the pppoe_dns1 parameter in the formIpv6Setup interface of /bin/boa.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages1 packages

▶NVDtotolink/a3002r_firmware1.1.1-b20200824.0128

🔴Vulnerability Details

CVEList

CVE-2025-25635: TOTOlink A3002R V1↗2025-02-28

▶

GHSA

GHSA-4fpf-m9cc-vw8p: TOTOlink A3002R V1↗2025-02-28

▶