Sign-up

ID

VAR-202507-0016


CVE

CVE-2025-6953


TITLE

TOTOLINK  of  A3002RU  Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-008161

DESCRIPTION

A vulnerability, which was classified as critical, was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of A3002RU The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A3002RU is a wireless router product of China's Jiweng Electronics (TOTOLINK) Company. The vulnerability is caused by the parameter submit-url in the file /boafrm/formParentControl failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2025-6953 // JVNDB: JVNDB-2025-008161 // CNVD: CNVD-2025-15182

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-15182

AFFECTED PRODUCTS

vendor:totolinkmodel:a3002ruscope:eqversion:3.0.0-b20230809.1615

Trust: 1.0

vendor:totolinkmodel:a3002ruscope:eqversion: -

Trust: 0.8

vendor:totolinkmodel:a3002ruscope: - version: -

Trust: 0.8

vendor:totolinkmodel:a3002ruscope:eqversion:a3002ru firmware 3.0.0-b20230809.1615

Trust: 0.8

vendor:totolinkmodel:a3002ru 3.0.0-b20230809.1615scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-15182 // JVNDB: JVNDB-2025-008161 // NVD: CVE-2025-6953

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-6953
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-008161
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-15182
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2025-6953
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-008161
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-15182
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-6953
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-008161
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-15182 // JVNDB: JVNDB-2025-008161 // NVD: CVE-2025-6953

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:CWE-120

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-008161 // NVD: CVE-2025-6953

EXTERNAL IDS

db:NVDid:CVE-2025-6953

Trust: 3.2

db:VULDBid:314490

Trust: 1.8

db:JVNDBid:JVNDB-2025-008161

Trust: 0.8

db:CNVDid:CNVD-2025-15182

Trust: 0.6

sources: CNVD: CNVD-2025-15182 // JVNDB: JVNDB-2025-008161 // NVD: CVE-2025-6953

REFERENCES

url:https://github.com/d2pq/cve/blob/main/616/26.md

Trust: 2.4

url:https://github.com/d2pq/cve/blob/main/616/26.md#poc

Trust: 1.8

url:https://vuldb.com/?id.314490

Trust: 1.8

url:https://vuldb.com/?submit.605874

Trust: 1.8

url:https://www.totolink.net/

Trust: 1.8

url:https://vuldb.com/?ctiid.314490

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-6953

Trust: 0.8

sources: CNVD: CNVD-2025-15182 // JVNDB: JVNDB-2025-008161 // NVD: CVE-2025-6953

SOURCES

db:CNVDid:CNVD-2025-15182
db:JVNDBid:JVNDB-2025-008161
db:NVDid:CVE-2025-6953

LAST UPDATE DATE

2025-07-09T23:20:54.715000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-15182date:2025-07-07T00:00:00
db:JVNDBid:JVNDB-2025-008161date:2025-07-08T05:43:00
db:NVDid:CVE-2025-6953date:2025-07-07T14:38:29.763

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-15182date:2025-07-07T00:00:00
db:JVNDBid:JVNDB-2025-008161date:2025-07-08T00:00:00
db:NVDid:CVE-2025-6953date:2025-07-01T14:15:43.353