Details of VAR-202505-2167

ID

VAR-202505-2167

CVE

CVE-2025-45863

TITLE

TOTOLINK of A3002R Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-005632

DESCRIPTION

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the macstr parameter in the formMapDelDevice interface. TOTOLINK of A3002R Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3002R is a wireless router produced by China's TOTOLINK Electronics. The vulnerability is caused by the macstr parameter in the formMapDelDevice interface failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2025-45863 // JVNDB: JVNDB-2025-005632 // CNVD: CNVD-2025-10939

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-10939

AFFECTED PRODUCTS

vendor:	totolink	model:	a3002r	scope:	eq	version:	4.0.0-b20230531.1404	Trust: 1.0
vendor:	totolink	model:	a3002r	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	a3002r	scope:	eq	version:	a3002r firmware 4.0.0-b20230531.1404	Trust: 0.8
vendor:	totolink	model:	a3002r	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	a3002r v4.0.0-b20230531.1404	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-10939 // JVNDB: JVNDB-2025-005632 // NVD: CVE-2025-45863

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-45863
value:	CRITICAL
Trust: 1.0
OTHER:	JVNDB-2025-005632
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2025-10939
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-10939
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-45863
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-005632
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-10939 // JVNDB: JVNDB-2025-005632 // NVD: CVE-2025-45863

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-005632 // NVD: CVE-2025-45863

EXTERNAL IDS

db:	NVD	id:	CVE-2025-45863	Trust: 3.2
db:	JVNDB	id:	JVNDB-2025-005632	Trust: 0.8
db:	CNVD	id:	CNVD-2025-10939	Trust: 0.6

sources: CNVD: CNVD-2025-10939 // JVNDB: JVNDB-2025-005632 // NVD: CVE-2025-45863

REFERENCES

url:	https://github.com/jiangxiazhe/iot_hack/blob/main/totolink/a3002r/5/overflow.md	Trust: 2.4
url:	https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/258/ids/36.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-45863	Trust: 0.8

sources: CNVD: CNVD-2025-10939 // JVNDB: JVNDB-2025-005632 // NVD: CVE-2025-45863

SOURCES

db:	CNVD	id:	CNVD-2025-10939
db:	JVNDB	id:	JVNDB-2025-005632
db:	NVD	id:	CVE-2025-45863

LAST UPDATE DATE

2025-05-30T23:17:22.376000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-10939	date:	2025-05-29T00:00:00
db:	JVNDB	id:	JVNDB-2025-005632	date:	2025-05-26T02:01:00
db:	NVD	id:	CVE-2025-45863	date:	2025-05-23T18:55:24.013

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-10939	date:	2025-05-29T00:00:00
db:	JVNDB	id:	JVNDB-2025-005632	date:	2025-05-26T00:00:00
db:	NVD	id:	CVE-2025-45863	date:	2025-05-13T20:15:29.887