Totolink N302R Plus Firmware vulnerabilities

CVE-2025-5672 [HIGH] CWE-119 CVE-2025-5672: A vulnerability has been found in TOTOLINK N302R Plus up to 3.4.0-B20201028 and classified as critic A vulnerability has been found in TOTOLINK N302R Plus up to 3.4.0-B20201028 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument url leads to buffer overflow. The attack can be launched remotely. The exploit has b

CVE-2025-5671 [HIGH] CWE-119 CVE-2025-5671: A vulnerability, which was classified as critical, was found in TOTOLINK N302R Plus up to 3.4.0-B202 A vulnerability, which was classified as critical, was found in TOTOLINK N302R Plus up to 3.4.0-B20201028. Affected is an unknown function of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been di

CVE-2020-25499 [HIGH] CWE-78 CVE-2020-25499: TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router.