CVE-2025-3989

CWE-119Buffer OverflowCWE-120Classic Buffer Overflow4 documents4 sources
Severity
8.7HIGH
EPSS
0.6%
top 31.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink N150rtTotolink N150rt Firmware
Timeline
PublishedApr 27
Latest updateApr 28

Description

A vulnerability classified as critical was found in TOTOLINK N150RT 3.4.0-B20190525. Affected by this vulnerability is an unknown functionality of the file /boafrm/formStaticDHCP. The manipulation of the argument Hostname leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5totolink/n150rt3.4.0-B20190525
NVDtotolink/n150rt_firmware3.4.0-b20190525

🔴Vulnerability Details

2
GHSA
GHSA-4jgj-9c7f-7hvv: A vulnerability classified as critical was found in TOTOLINK N150RT 32025-04-28
CVEList
TOTOLINK N150RT formStaticDHCP buffer overflow2025-04-27

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS D-Link DWR-M961/Totolink N150RT formStaticDHCP buffer overflow (CVE-2025-3785, CVE-2025-3989)2025-04-18
CVE-2025-3989 (HIGH CVSS 8.7) | A vulnerability classified as criti | cvebase.io