Details of VAR-202506-0372

ID

VAR-202506-0372

CVE

CVE-2025-5672

TITLE

TOTOLINK of N302R Plus Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-007271

DESCRIPTION

A vulnerability has been found in TOTOLINK N302R Plus up to 3.4.0-B20201028 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of N302R Plus The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N300R Plus is a wireless router. The vulnerability is caused by incorrect operation of the parameter url. Attackers can use this vulnerability to execute arbitrary code

Trust: 2.16

sources: NVD: CVE-2025-5672 // JVNDB: JVNDB-2025-007271 // CNVD: CNVD-2025-12876

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-12876

AFFECTED PRODUCTS

vendor:	totolink	model:	n302r plus	scope:	lt	version:	3.4.0-b20201028	Trust: 1.0
vendor:	totolink	model:	n302r plus	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	n302r plus	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	n302r plus	scope:	eq	version:	n302r plus firmware 3.4.0-b20201028	Trust: 0.8
vendor:	totolink	model:	n302r plus <=3.4.0-b20201028	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-12876 // JVNDB: JVNDB-2025-007271 // NVD: CVE-2025-5672

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-5672
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-007271
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-12876
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-5672
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-007271
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-12876
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-5672
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-007271
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-12876 // JVNDB: JVNDB-2025-007271 // NVD: CVE-2025-5672

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	CWE-120	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-007271 // NVD: CVE-2025-5672

EXTERNAL IDS

db:	NVD	id:	CVE-2025-5672	Trust: 3.2
db:	VULDB	id:	311161	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-007271	Trust: 0.8
db:	CNVD	id:	CNVD-2025-12876	Trust: 0.6

sources: CNVD: CNVD-2025-12876 // JVNDB: JVNDB-2025-007271 // NVD: CVE-2025-5672

REFERENCES

url:	https://vuldb.com/?id.311161	Trust: 1.8
url:	https://vuldb.com/?submit.590094	Trust: 1.8
url:	https://www.totolink.net/	Trust: 1.8
url:	https://github.com/byxs0x0/cve2/blob/main/530/2.md	Trust: 1.6
url:	https://vuldb.com/?ctiid.311161	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-5672	Trust: 0.8

sources: CNVD: CNVD-2025-12876 // JVNDB: JVNDB-2025-007271 // NVD: CVE-2025-5672

SOURCES

db:	CNVD	id:	CNVD-2025-12876
db:	JVNDB	id:	JVNDB-2025-007271
db:	NVD	id:	CVE-2025-5672

LAST UPDATE DATE

2025-06-21T23:34:07.559000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-12876	date:	2025-06-19T00:00:00
db:	JVNDB	id:	JVNDB-2025-007271	date:	2025-06-19T07:06:00
db:	NVD	id:	CVE-2025-5672	date:	2025-06-17T20:38:41.147

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-12876	date:	2025-06-19T00:00:00
db:	JVNDB	id:	JVNDB-2025-007271	date:	2025-06-19T00:00:00
db:	NVD	id:	CVE-2025-5672	date:	2025-06-05T18:15:23.220