ID

VAR-202510-2082


CVE

CVE-2025-63463


TITLE

TOTOLINK LR350 sub_4232EC function stack buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-27568

DESCRIPTION

Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the wifiOff parameter in the sub_4232EC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. The TOTOLINK LR350 is a 4G LTE wireless router launched by TOTOLINK Electronics, a Chinese company. It supports converting 4G signals to wired signals and is suitable for home and office use. The vulnerability arises because the sub_4232EC function does not properly validate the length of the input data supplied in the wifiOff parameter.

Trust: 1.44

sources: NVD: CVE-2025-63463 // CNVD: CNVD-2025-27568

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-27568

AFFECTED PRODUCTS

vendor: totolink
model: lr350
scope: eq
version: 9.3.5u.6369_b20220309

Trust: 1.0

vendor: totolink
model: lr350 v9.3.5u.6369 b20220309
scope: -
version: -

Trust: 0.6

sources: CNVD: CNVD-2025-27568 // NVD: CVE-2025-63463

CVSS

SEVERITY

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-63463
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-27568
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2025-27568
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-63463
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-27568 // NVD: CVE-2025-63463

PROBLEMTYPE DATA

problemtype: CWE-121

Trust: 1.0

sources: NVD: CVE-2025-63463

PATCH

title: Patch for TOTOLINK LR350 sub_4232EC function stack buffer overflow vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/752051

Trust: 0.6

sources: CNVD: CNVD-2025-27568

EXTERNAL IDS

db: NVD
id: CVE-2025-63463

Trust: 1.6

db: CNVD
id: CNVD-2025-27568

Trust: 0.6

sources: CNVD: CNVD-2025-27568 // NVD: CVE-2025-63463

REFERENCES

url: https://github.com/0-fool/vulnbycola/blob/main/totolink/lr350/4/1.md

Trust: 1.6

sources: CNVD: CNVD-2025-27568 // NVD: CVE-2025-63463

SOURCES

db: CNVD
id: CNVD-2025-27568

db: NVD
id: CVE-2025-63463

LAST UPDATE DATE

2025-11-18T15:38:28.478000+00:00


SOURCES UPDATE DATE

db: CNVD
id: CNVD-2025-27568
date: 2025-11-11T00:00:00

db: NVD
id: CVE-2025-63463
date: 2025-11-05T17:29:47.503

SOURCES RELEASE DATE

db: CNVD
id: CNVD-2025-27568
date: 2025-11-10T00:00:00

db: NVD
id: CVE-2025-63463
date: 2025-10-31T17:15:47.797