Details of VAR-202505-2211

ID

VAR-202505-2211

CVE

CVE-2025-45859

TITLE

TOTOLINK of A3002R Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-007043

DESCRIPTION

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the bandstr parameter in the formMapDelDevice interface. TOTOLINK A3002R is a wireless router produced by China's TOTOLINK Electronics. The vulnerability is caused by the failure of the bandstr parameter in the formMapDelDevice interface to correctly verify the length of the input data. No detailed vulnerability details are currently provided

Trust: 2.16

sources: NVD: CVE-2025-45859 // JVNDB: JVNDB-2025-007043 // CNVD: CNVD-2025-10938

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-10938

AFFECTED PRODUCTS

vendor:	totolink	model:	a3002r	scope:	eq	version:	4.0.0-b20230531.1404	Trust: 1.0
vendor:	totolink	model:	a3002r	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	a3002r	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	a3002r	scope:	eq	version:	a3002r firmware 4.0.0-b20230531.1404	Trust: 0.8
vendor:	totolink	model:	a3002r v4.0.0-b20230531.1404	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-10938 // JVNDB: JVNDB-2025-007043 // NVD: CVE-2025-45859

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-45859
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2025-007043
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2025-10938
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-10938
severity:	MEDIUM
baseScore:	4.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-45859
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.5
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-007043
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-10938 // JVNDB: JVNDB-2025-007043 // NVD: CVE-2025-45859

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-007043 // NVD: CVE-2025-45859

EXTERNAL IDS

db:	NVD	id:	CVE-2025-45859	Trust: 3.2
db:	JVNDB	id:	JVNDB-2025-007043	Trust: 0.8
db:	CNVD	id:	CNVD-2025-10938	Trust: 0.6

sources: CNVD: CNVD-2025-10938 // JVNDB: JVNDB-2025-007043 // NVD: CVE-2025-45859

REFERENCES

url:	https://github.com/jiangxiazhe/iot_hack/blob/main/totolink/a3002r/4/overflow.md	Trust: 2.4
url:	https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/258/ids/36.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-45859	Trust: 0.8

sources: CNVD: CNVD-2025-10938 // JVNDB: JVNDB-2025-007043 // NVD: CVE-2025-45859

SOURCES

db:	CNVD	id:	CNVD-2025-10938
db:	JVNDB	id:	JVNDB-2025-007043
db:	NVD	id:	CVE-2025-45859

LAST UPDATE DATE

2025-06-18T23:23:14.094000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-10938	date:	2025-05-29T00:00:00
db:	JVNDB	id:	JVNDB-2025-007043	date:	2025-06-17T00:57:00
db:	NVD	id:	CVE-2025-45859	date:	2025-06-16T18:25:52.807

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-10938	date:	2025-05-29T00:00:00
db:	JVNDB	id:	JVNDB-2025-007043	date:	2025-06-17T00:00:00
db:	NVD	id:	CVE-2025-45859	date:	2025-05-13T15:15:58.620