Details of VAR-202505-2211

ID

VAR-202505-2211

CVE

CVE-2025-45859

TITLE

TOTOLINK A3002R formMapDelDevice interface bandstr parameter buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-10938

DESCRIPTION

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the bandstr parameter in the formMapDelDevice interface. TOTOLINK A3002R is a wireless router produced by China's TOTOLINK Electronics. The vulnerability is caused by the failure of the bandstr parameter in the formMapDelDevice interface to correctly verify the length of the input data. No detailed vulnerability details are currently provided

Trust: 1.44

sources: NVD: CVE-2025-45859 // CNVD: CNVD-2025-10938

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-10938

AFFECTED PRODUCTS

vendor:

totolink

model:

a3002r v4.0.0-b20230531.1404

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2025-10938

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-45859
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2025-10938
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-10938
severity:	MEDIUM
baseScore:	4.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-45859
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.5
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-10938 // NVD: CVE-2025-45859

PROBLEMTYPE DATA

problemtype:

CWE-120

Trust: 1.0

sources: NVD: CVE-2025-45859

EXTERNAL IDS

db:	NVD	id:	CVE-2025-45859	Trust: 1.6
db:	CNVD	id:	CNVD-2025-10938	Trust: 0.6

sources: CNVD: CNVD-2025-10938 // NVD: CVE-2025-45859

REFERENCES

url:	https://github.com/jiangxiazhe/iot_hack/blob/main/totolink/a3002r/4/overflow.md	Trust: 1.6
url:	https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/258/ids/36.html	Trust: 1.0

sources: CNVD: CNVD-2025-10938 // NVD: CVE-2025-45859

SOURCES

db:	CNVD	id:	CNVD-2025-10938
db:	NVD	id:	CVE-2025-45859

LAST UPDATE DATE

2025-05-30T23:23:34.574000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-10938	date:	2025-05-29T00:00:00
db:	NVD	id:	CVE-2025-45859	date:	2025-05-14T15:15:59.213

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-10938	date:	2025-05-29T00:00:00
db:	NVD	id:	CVE-2025-45859	date:	2025-05-13T15:15:58.620