Sign-up

ID

VAR-202504-3196


CVE

CVE-2025-3991


TITLE

TOTOLINK  of  N150RT  Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-004830

DESCRIPTION

A vulnerability, which was classified as critical, was found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the file /boafrm/formWdsEncrypt. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of N150RT The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N150RT is a wireless router produced by China's TOTOLINK Electronics. The vulnerability is caused by the failure of the submit-url parameter in the file /boafrm/formWdsEncrypt to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2025-3991 // JVNDB: JVNDB-2025-004830 // CNVD: CNVD-2025-09855

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-09855

AFFECTED PRODUCTS

vendor:totolinkmodel:n150rtscope:eqversion:3.4.0-b20190525

Trust: 1.0

vendor:totolinkmodel:n150rtscope:eqversion: -

Trust: 0.8

vendor:totolinkmodel:n150rtscope: - version: -

Trust: 0.8

vendor:totolinkmodel:n150rtscope:eqversion:n150rt firmware 3.4.0-b20190525

Trust: 0.8

vendor:totolinkmodel:n150rt 3.4.0-b20190525scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-09855 // JVNDB: JVNDB-2025-004830 // NVD: CVE-2025-3991

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-3991
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-004830
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-09855
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2025-3991
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-004830
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-09855
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-3991
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-004830
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-09855 // JVNDB: JVNDB-2025-004830 // NVD: CVE-2025-3991

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [NVD evaluation ]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-004830 // NVD: CVE-2025-3991

PATCH

title:Patch for TOTOLINK N150RT /boafrm/formWdsEncrypt file buffer overflow vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/687746

Trust: 0.6

sources: CNVD: CNVD-2025-09855

EXTERNAL IDS

db:NVDid:CVE-2025-3991

Trust: 3.2

db:VULDBid:306327

Trust: 1.8

db:JVNDBid:JVNDB-2025-004830

Trust: 0.8

db:CNVDid:CNVD-2025-09855

Trust: 0.6

sources: CNVD: CNVD-2025-09855 // JVNDB: JVNDB-2025-004830 // NVD: CVE-2025-3991

REFERENCES

url:https://github.com/fizz-is-on-the-way/iot_vuls/tree/main/n150rt/bufferoverflow_formwdsencrypt

Trust: 1.8

url:https://vuldb.com/?id.306327

Trust: 1.8

url:https://vuldb.com/?submit.557942

Trust: 1.8

url:https://www.totolink.net/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2025-3991

Trust: 1.4

url:https://vuldb.com/?ctiid.306327

Trust: 1.0

sources: CNVD: CNVD-2025-09855 // JVNDB: JVNDB-2025-004830 // NVD: CVE-2025-3991

SOURCES

db:CNVDid:CNVD-2025-09855
db:JVNDBid:JVNDB-2025-004830
db:NVDid:CVE-2025-3991

LAST UPDATE DATE

2025-05-17T03:59:49.446000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-09855date:2025-05-15T00:00:00
db:JVNDBid:JVNDB-2025-004830date:2025-05-13T12:49:00
db:NVDid:CVE-2025-3991date:2025-05-12T19:31:21.247

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-09855date:2025-05-13T00:00:00
db:JVNDBid:JVNDB-2025-004830date:2025-05-13T00:00:00
db:NVDid:CVE-2025-3991date:2025-04-28T00:15:15.877