Details of VAR-202505-1252

ID

VAR-202505-1252

CVE

CVE-2025-45841

TITLE

TOTOLINK of nr1800x Out-of-bounds write vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-005221

DESCRIPTION

TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function. TOTOLINK of nr1800x An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK NR1800X is an excellent 5G NR indoor Wi-Fi and SIP CPE from China's TOTOLINK Electronics. TOTOLINK NR1800X has a buffer overflow vulnerability. The vulnerability is caused by the text parameter in the setSmsCfg function failing to correctly verify the length of the input data. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2025-45841 // JVNDB: JVNDB-2025-005221 // CNVD: CNVD-2025-10920

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-10920

AFFECTED PRODUCTS

vendor:	totolink	model:	nr1800x	scope:	eq	version:	9.1.0u.6681_b20230703	Trust: 1.0
vendor:	totolink	model:	nr1800x	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	nr1800x	scope:	eq	version:	nr1800x firmware 9.1.0u.6681 b20230703	Trust: 0.8
vendor:	totolink	model:	nr1800x	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	nr1800x v9.1.0u.6681 b20230703	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-10920 // JVNDB: JVNDB-2025-005221 // NVD: CVE-2025-45841

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2025-45841
value:	CRITICAL
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-45841
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2025-45841
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2025-10920
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-10920
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2025-45841
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-45841
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.5
version:	3.1
Trust: 1.0
NVD:	CVE-2025-45841
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-10920 // JVNDB: JVNDB-2025-005221 // NVD: CVE-2025-45841 // NVD: CVE-2025-45841

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	CWE-787	Trust: 1.0
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-005221 // NVD: CVE-2025-45841

EXTERNAL IDS

db:	NVD	id:	CVE-2025-45841	Trust: 3.2
db:	JVNDB	id:	JVNDB-2025-005221	Trust: 0.8
db:	CNVD	id:	CNVD-2025-10920	Trust: 0.6

sources: CNVD: CNVD-2025-10920 // JVNDB: JVNDB-2025-005221 // NVD: CVE-2025-45841

REFERENCES

url:	https://github.com/regainer27/cve-key/blob/main/bo1/readme.md	Trust: 2.4
url:	https://www.totolink.net/	Trust: 1.8
url:	https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/225/ids/36.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-45841	Trust: 0.8

sources: CNVD: CNVD-2025-10920 // JVNDB: JVNDB-2025-005221 // NVD: CVE-2025-45841

SOURCES

db:	CNVD	id:	CNVD-2025-10920
db:	JVNDB	id:	JVNDB-2025-005221
db:	NVD	id:	CVE-2025-45841

LAST UPDATE DATE

2025-05-29T19:32:18.279000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-10920	date:	2025-05-28T00:00:00
db:	JVNDB	id:	JVNDB-2025-005221	date:	2025-05-19T07:31:00
db:	NVD	id:	CVE-2025-45841	date:	2025-05-16T15:39:52.967

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-10920	date:	2025-05-28T00:00:00
db:	JVNDB	id:	JVNDB-2025-005221	date:	2025-05-19T00:00:00
db:	NVD	id:	CVE-2025-45841	date:	2025-05-08T16:15:26.557