Details of VAR-202505-0222

ID

VAR-202505-0222

CVE

CVE-2025-4462

TITLE

TOTOLINK of N150RT Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-005666

DESCRIPTION

A vulnerability, which was classified as critical, has been found in TOTOLINK N150RT 3.4.0-B20190525. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument localPin leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of N150RT The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N150RT is a wireless router produced by China's TOTOLINK Electronics. The vulnerability is caused by the failure of the parameter localPin in the file /boafrm/formWsc to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2025-4462 // JVNDB: JVNDB-2025-005666 // CNVD: CNVD-2025-11204

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-11204

AFFECTED PRODUCTS

vendor:	totolink	model:	n150rt	scope:	eq	version:	3.4.0-b20190525	Trust: 1.0
vendor:	totolink	model:	n150rt	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	n150rt	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	n150rt	scope:	eq	version:	n150rt firmware 3.4.0-b20190525	Trust: 0.8
vendor:	totolink	model:	n150rt 3.4.0-b20190525	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-11204 // JVNDB: JVNDB-2025-005666 // NVD: CVE-2025-4462

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-4462
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-005666
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-11204
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-4462
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-005666
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-11204
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-4462
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-005666
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-11204 // JVNDB: JVNDB-2025-005666 // NVD: CVE-2025-4462

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	CWE-119	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8
problemtype:	Classic buffer overflow (CWE-120) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-005666 // NVD: CVE-2025-4462

PATCH

title:

Patch for TOTOLINK N150RT /boafrm/formWsc file buffer overflow vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/692941

Trust: 0.6

sources: CNVD: CNVD-2025-11204

EXTERNAL IDS

db:	NVD	id:	CVE-2025-4462	Trust: 3.2
db:	VULDB	id:	308081	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-005666	Trust: 0.8
db:	CNVD	id:	CNVD-2025-11204	Trust: 0.6

sources: CNVD: CNVD-2025-11204 // JVNDB: JVNDB-2025-005666 // NVD: CVE-2025-4462

REFERENCES

url:	https://github.com/fizz-is-on-the-way/iot_vuls/tree/main/n150rt/bufferoverflow_formwsc_2	Trust: 2.4
url:	https://vuldb.com/?id.308081	Trust: 1.8
url:	https://vuldb.com/?submit.565958	Trust: 1.8
url:	https://www.totolink.net/	Trust: 1.8
url:	https://vuldb.com/?ctiid.308081	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-4462	Trust: 0.8

sources: CNVD: CNVD-2025-11204 // JVNDB: JVNDB-2025-005666 // NVD: CVE-2025-4462

SOURCES

db:	CNVD	id:	CNVD-2025-11204
db:	JVNDB	id:	JVNDB-2025-005666
db:	NVD	id:	CVE-2025-4462

LAST UPDATE DATE

2025-06-02T23:30:31.721000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-11204	date:	2025-05-30T00:00:00
db:	JVNDB	id:	JVNDB-2025-005666	date:	2025-05-26T06:46:00
db:	NVD	id:	CVE-2025-4462	date:	2025-05-23T12:37:15.720

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-11204	date:	2025-05-30T00:00:00
db:	JVNDB	id:	JVNDB-2025-005666	date:	2025-05-26T00:00:00
db:	NVD	id:	CVE-2025-4462	date:	2025-05-09T05:15:52.307