Details of VAR-202505-1719

ID

VAR-202505-1719

CVE

CVE-2025-45865

TITLE

TOTOLINK of A3002R Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-005094

DESCRIPTION

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the dnsaddr parameter in the formDhcpv6s interface. TOTOLINK of A3002R Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3002R is a wireless router produced by China's TOTOLINK Electronics. The vulnerability is caused by the failure of the dnsaddr parameter in the formDhcpv6s interface to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2025-45865 // JVNDB: JVNDB-2025-005094 // CNVD: CNVD-2025-11206

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-11206

AFFECTED PRODUCTS

vendor:	totolink	model:	a3002r	scope:	eq	version:	4.0.0-b20230531.1404	Trust: 1.0
vendor:	totolink	model:	a3002r	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	a3002r	scope:	eq	version:	a3002r firmware 4.0.0-b20230531.1404	Trust: 0.8
vendor:	totolink	model:	a3002r	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	a3002r v4.0.0-b20230531.1404	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-11206 // JVNDB: JVNDB-2025-005094 // NVD: CVE-2025-45865

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2025-45865
value:	CRITICAL
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-45865
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2025-45865
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2025-11206
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-11206
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2025-45865
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2025-45865
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-11206 // JVNDB: JVNDB-2025-005094 // NVD: CVE-2025-45865 // NVD: CVE-2025-45865

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8
problemtype:	Classic buffer overflow (CWE-120) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-005094 // NVD: CVE-2025-45865

EXTERNAL IDS

db:	NVD	id:	CVE-2025-45865	Trust: 3.2
db:	JVNDB	id:	JVNDB-2025-005094	Trust: 0.8
db:	CNVD	id:	CNVD-2025-11206	Trust: 0.6

sources: CNVD: CNVD-2025-11206 // JVNDB: JVNDB-2025-005094 // NVD: CVE-2025-45865

REFERENCES

url:	https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/258/ids/36.html	Trust: 2.4
url:	https://github.com/jiangxiazhe/iot_hack/blob/main/totolink/a3002r/6/overflow.md	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-45865	Trust: 0.8

sources: CNVD: CNVD-2025-11206 // JVNDB: JVNDB-2025-005094 // NVD: CVE-2025-45865

SOURCES

db:	CNVD	id:	CNVD-2025-11206
db:	JVNDB	id:	JVNDB-2025-005094
db:	NVD	id:	CVE-2025-45865

LAST UPDATE DATE

2025-05-31T19:34:20.540000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-11206	date:	2025-05-30T00:00:00
db:	JVNDB	id:	JVNDB-2025-005094	date:	2025-05-16T02:13:00
db:	NVD	id:	CVE-2025-45865	date:	2025-05-15T18:37:31.917

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-11206	date:	2025-05-30T00:00:00
db:	JVNDB	id:	JVNDB-2025-005094	date:	2025-05-16T00:00:00
db:	NVD	id:	CVE-2025-45865	date:	2025-05-13T19:15:51.930