ID

VAR-202506-1128


CVE

CVE-2025-6337


TITLE

Buffer error vulnerability in multiple TOTOLINK products

Trust: 0.8

sources: JVNDB: JVNDB-2025-010744

DESCRIPTION

A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615/4.0.0-B20230531.1404. It has been declared as critical. This vulnerability affects unknown functionality of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to a buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Multiple TOTOLINK products, such as the A3002RU firmware and the A3002R firmware, contain a buffer error vulnerability and a classic buffer overflow vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). TOTOLINK A3002RU and TOTOLINK A3002R are both wireless router products of China's Jiweng Electronics (TOTOLINK) Company. The vulnerability is caused by the parameter submit-url in the file /boafrm/formTmultiAP failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

Trust: 2.16

sources: NVD: CVE-2025-6337 // JVNDB: JVNDB-2025-010744 // CNVD: CNVD-2025-14527

IOT TAXONOMY

category: ['Network device'] // sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-14527

AFFECTED PRODUCTS

vendor: totolink // model: a3002ru // scope: eq // version: 3.0.0-b20230809.1615

Trust: 1.0

vendor: totolink // model: a3002ru // scope: eq // version: 4.0.0-b20230531.1404

Trust: 1.0

vendor: totolink // model: a3002r // scope: eq // version: 4.0.0-b20230531.1404

Trust: 1.0

vendor: totolink // model: a3002r // scope: eq // version: 3.0.0-b20230809.1615

Trust: 1.0

vendor: totolink // model: a3002r // scope: - // version: -

Trust: 0.8

vendor: totolink // model: a3002ru // scope: - // version: -

Trust: 0.8

vendor: totolink // model: a3002r 3.0.0-b20230809.1615 // scope: - // version: -

Trust: 0.6

vendor: totolink // model: a3002ru 4.0.0-b20230531.1404 // scope: - // version: -

Trust: 0.6

sources: CNVD: CNVD-2025-14527 // JVNDB: JVNDB-2025-010744 // NVD: CVE-2025-6337

CVSS

SEVERITY

cna@vuldb.com: CVE-2025-6337
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-010744
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-14527
value: HIGH

Trust: 0.6

CVSSV2

cna@vuldb.com: CVE-2025-6337
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-010744
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-14527
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

cna@vuldb.com: CVE-2025-6337
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-010744
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-14527 // JVNDB: JVNDB-2025-010744 // NVD: CVE-2025-6337

PROBLEMTYPE DATA

problemtype: CWE-119

Trust: 1.0

problemtype: CWE-120

Trust: 1.0

problemtype: Buffer error (CWE-119) [others]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [NVD evaluation]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2025-010744 // NVD: CVE-2025-6337

EXTERNAL IDS

db: NVD // id: CVE-2025-6337

Trust: 3.2

db: VULDB // id: 313333

Trust: 1.8

db: JVNDB // id: JVNDB-2025-010744

Trust: 0.8

db: CNVD // id: CNVD-2025-14527

Trust: 0.6

sources: CNVD: CNVD-2025-14527 // JVNDB: JVNDB-2025-010744 // NVD: CVE-2025-6337

REFERENCES

url: https://github.com/awindog/cve/blob/main/688/13.md

Trust: 2.4

url: https://github.com/awindog/cve/blob/main/688/14.md

Trust: 1.8

url: https://vuldb.com/?id.313333

Trust: 1.8

url: https://vuldb.com/?submit.596691

Trust: 1.8

url: https://vuldb.com/?submit.596692

Trust: 1.8

url: https://www.totolink.net/

Trust: 1.8

url: https://vuldb.com/?ctiid.313333

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2025-6337

Trust: 0.8

sources: CNVD: CNVD-2025-14527 // JVNDB: JVNDB-2025-010744 // NVD: CVE-2025-6337

SOURCES

db: CNVD // id: CNVD-2025-14527
db: JVNDB // id: JVNDB-2025-010744
db: NVD // id: CVE-2025-6337

LAST UPDATE DATE

2025-08-09T23:19:26.840000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2025-14527 // date: 2025-07-01T00:00:00
db: JVNDB // id: JVNDB-2025-010744 // date: 2025-08-06T00:15:00
db: NVD // id: CVE-2025-6337 // date: 2025-08-01T22:18:15.433

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2025-14527 // date: 2025-07-01T00:00:00
db: JVNDB // id: JVNDB-2025-010744 // date: 2025-08-06T00:00:00
db: NVD // id: CVE-2025-6337 // date: 2025-06-20T12:15:22.517