ID

VAR-202506-0946


CVE

CVE-2025-6164


TITLE

Buffer error vulnerability in TOTOLINK A3002R firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-007829

DESCRIPTION

A vulnerability was found in TOTOLINK A3002R 4.0.0-B20230531.1404. It has been classified as critical. This affects an unknown part of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK A3002R firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. TOTOLINK A3002R is a wireless router produced by China's TOTOLINK Electronics. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

Trust: 2.16

sources: NVD: CVE-2025-6164 // JVNDB: JVNDB-2025-007829 // CNVD: CNVD-2025-13780

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-13780

AFFECTED PRODUCTS

vendor: totolink, model: a3002r, scope: eq, version: 4.0.0-b20230531.1404

Trust: 1.0

vendor: totolink, model: a3002r, scope: eq, version: a3002r firmware 4.0.0-b20230531.1404

Trust: 0.8

vendor: totolink, model: a3002r, scope: -, version: -

Trust: 0.8

vendor: totolink, model: a3002r, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: a3002r 4.0.0-b20230531.1404, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-13780 // JVNDB: JVNDB-2025-007829 // NVD: CVE-2025-6164

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-6164
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-007829
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-13780
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2025-6164
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-007829
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-13780
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-6164
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-007829
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-13780 // JVNDB: JVNDB-2025-007829 // NVD: CVE-2025-6164

PROBLEMTYPE DATA

problemtype: CWE-119

Trust: 1.0

problemtype: CWE-120

Trust: 1.0

problemtype: Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-007829 // NVD: CVE-2025-6164

EXTERNAL IDS

db: NVD, id: CVE-2025-6164

Trust: 3.2

db: VULDB, id: 312639

Trust: 1.8

db: JVNDB, id: JVNDB-2025-007829

Trust: 0.8

db: CNVD, id: CNVD-2025-13780

Trust: 0.6

sources: CNVD: CNVD-2025-13780 // JVNDB: JVNDB-2025-007829 // NVD: CVE-2025-6164

REFERENCES

url:https://github.com/awindog/cve/blob/main/688/10.md

Trust: 1.8

url:https://github.com/awindog/cve/blob/main/688/10.md#poc

Trust: 1.8

url:https://vuldb.com/?id.312639

Trust: 1.8

url:https://vuldb.com/?submit.593602

Trust: 1.8

url:https://www.totolink.net/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2025-6164

Trust: 1.4

url:https://vuldb.com/?ctiid.312639

Trust: 1.0

sources: CNVD: CNVD-2025-13780 // JVNDB: JVNDB-2025-007829 // NVD: CVE-2025-6164

SOURCES

db: CNVD, id: CNVD-2025-13780
db: JVNDB, id: JVNDB-2025-007829
db: NVD, id: CVE-2025-6164

LAST UPDATE DATE

2025-07-03T23:10:35.334000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-13780, date: 2025-06-26T00:00:00
db: JVNDB, id: JVNDB-2025-007829, date: 2025-07-02T09:16:00
db: NVD, id: CVE-2025-6164, date: 2025-06-23T19:01:39.440

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-13780, date: 2025-06-26T00:00:00
db: JVNDB, id: JVNDB-2025-007829, date: 2025-07-02T00:00:00
db: NVD, id: CVE-2025-6164, date: 2025-06-17T06:15:22.023