Details of VAR-202506-1056

ID

VAR-202506-1056

CVE

CVE-2025-6401

TITLE

TOTOLINK of N300RH Improper Shutdown and Release of Resources in Firmware Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2025-009682

DESCRIPTION

A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. It has been classified as problematic. This affects an unknown part of the file /boafrm/formFilter of the component HTTP POST Message Handler. The manipulation of the argument url leads to denial of service. The exploit has been disclosed to the public and may be used. TOTOLINK of N300RH A vulnerability exists in firmware related to improper shutdown and release of resources.Service operation interruption (DoS) It may be in a state. The TOTOLINK N300RH is a long-range wireless router released by China's TOTOLINK Electronics. It supports the IEEE 802.11n standard and offers a maximum wireless transmission rate of 300Mbps

Trust: 2.16

sources: NVD: CVE-2025-6401 // JVNDB: JVNDB-2025-009682 // CNVD: CNVD-2025-17706

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-17706

AFFECTED PRODUCTS

vendor:	totolink	model:	n300rh	scope:	eq	version:	6.1c.1390_b20191101	Trust: 1.0
vendor:	totolink	model:	n300rh	scope:	eq	version:	n300rh firmware 6.1c.1390 b20191101	Trust: 0.8
vendor:	totolink	model:	n300rh	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	n300rh	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	n300rh 6.1c.1390 b20191101	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-17706 // JVNDB: JVNDB-2025-009682 // NVD: CVE-2025-6401

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-6401
value:	LOW
Trust: 1.0
OTHER:	JVNDB-2025-009682
value:	LOW
Trust: 0.8
CNVD:	CNVD-2025-17706
value:	LOW
Trust: 0.6

cna@vuldb.com:	CVE-2025-6401
severity:	LOW
baseScore:	2.3
vectorString:	AV:A/AC:M/AU:S/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	4.4
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-009682
severity:	LOW
baseScore:	2.3
vectorString:	AV:A/AC:M/AU:S/C:N/I:N/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-17706
severity:	LOW
baseScore:	2.3
vectorString:	AV:A/AC:M/AU:S/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	4.4
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-6401
baseSeverity:	LOW
baseScore:	3.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	2.1
impactScore:	1.4
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-009682
baseSeverity:	LOW
baseScore:	3.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-17706 // JVNDB: JVNDB-2025-009682 // NVD: CVE-2025-6401

PROBLEMTYPE DATA

problemtype:	CWE-404	Trust: 1.0
problemtype:	Improper shutdown and release of resources (CWE-404) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-009682 // NVD: CVE-2025-6401

EXTERNAL IDS

db:	NVD	id:	CVE-2025-6401	Trust: 3.2
db:	VULDB	id:	313395	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-009682	Trust: 0.8
db:	CNVD	id:	CNVD-2025-17706	Trust: 0.6

sources: CNVD: CNVD-2025-17706 // JVNDB: JVNDB-2025-009682 // NVD: CVE-2025-6401

REFERENCES

url:	https://github.com/d2pq/cve/blob/main/616/21.md	Trust: 1.8
url:	https://github.com/d2pq/cve/blob/main/616/21.md#poc	Trust: 1.8
url:	https://vuldb.com/?id.313395	Trust: 1.8
url:	https://vuldb.com/?submit.597688	Trust: 1.8
url:	https://www.totolink.net/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-6401	Trust: 1.4
url:	https://vuldb.com/?ctiid.313395	Trust: 1.0

sources: CNVD: CNVD-2025-17706 // JVNDB: JVNDB-2025-009682 // NVD: CVE-2025-6401

SOURCES

db:	CNVD	id:	CNVD-2025-17706
db:	JVNDB	id:	JVNDB-2025-009682
db:	NVD	id:	CVE-2025-6401

LAST UPDATE DATE

2025-08-09T23:19:01.833000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-17706	date:	2025-08-07T00:00:00
db:	JVNDB	id:	JVNDB-2025-009682	date:	2025-07-23T08:41:00
db:	NVD	id:	CVE-2025-6401	date:	2025-06-25T20:14:01.440

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-17706	date:	2025-08-07T00:00:00
db:	JVNDB	id:	JVNDB-2025-009682	date:	2025-07-23T00:00:00
db:	NVD	id:	CVE-2025-6401	date:	2025-06-21T07:15:23.197