ID

VAR-202507-0061


CVE

CVE-2025-6939


TITLE

Buffer error vulnerability in TOTOLINK A3002RU firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-008209

DESCRIPTION

A vulnerability classified as critical has been found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formWlSiteSurvey of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK A3002RU firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).

Trust: 1.62

sources: NVD: CVE-2025-6939 // JVNDB: JVNDB-2025-008209

AFFECTED PRODUCTS

vendor: totolink, model: a3002ru, scope: eq, version: 3.0.0-b20230809.1615

Trust: 1.0

vendor: totolink, model: a3002ru, scope: eq, version: a3002ru firmware 3.0.0-b20230809.1615

Trust: 0.8

vendor: totolink, model: a3002ru, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: a3002ru, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-008209 // NVD: CVE-2025-6939

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-6939
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-008209
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2025-6939
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-008209
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2025-6939
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-008209
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-008209 // NVD: CVE-2025-6939

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:CWE-120

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-008209 // NVD: CVE-2025-6939

EXTERNAL IDS

db: NVD, id: CVE-2025-6939

Trust: 2.6

db: VULDB, id: 314460

Trust: 1.8

db: JVNDB, id: JVNDB-2025-008209

Trust: 0.8

sources: JVNDB: JVNDB-2025-008209 // NVD: CVE-2025-6939

REFERENCES

url:https://github.com/awindog/cve/blob/main/688/30.md

Trust: 1.8

url:https://vuldb.com/?id.314460

Trust: 1.8

url:https://vuldb.com/?submit.605860

Trust: 1.8

url:https://www.totolink.net/

Trust: 1.8

url:https://vuldb.com/?ctiid.314460

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-6939

Trust: 0.8

sources: JVNDB: JVNDB-2025-008209 // NVD: CVE-2025-6939

SOURCES

db: JVNDB, id: JVNDB-2025-008209
db: NVD, id: CVE-2025-6939

LAST UPDATE DATE

2025-07-10T23:01:09.219000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2025-008209, date: 2025-07-09T01:36:00
db: NVD, id: CVE-2025-6939, date: 2025-07-07T14:41:20.020

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2025-008209, date: 2025-07-09T00:00:00
db: NVD, id: CVE-2025-6939, date: 2025-07-01T03:15:21.483