CVE-2025-6337

TOTOLINK A3002R/A3002RU HTTP POST Request formTmultiAP buffer overflow

Description

A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615/4.0.0-B20230531.1404. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

INFO

Published Date :

2025-06-20T12:00:18.533Z

Last Modified :

2025-06-23T20:26:09.429Z

Source :

VulDB

AFFECTED PRODUCTS

The following products are affected by CVE-2025-6337 vulnerability.

Vendors	Products
Totolink	A3002r A3002r Firmware A3002ru A3002ru Firmware

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-6337.

URL	Resource
https://github.com/awindog/cve/blob/main/688/13.md
https://github.com/awindog/cve/blob/main/688/14.md
https://vuldb.com/?ctiid.313333
https://vuldb.com/?id.313333
https://vuldb.com/?submit.596691
https://vuldb.com/?submit.596692
https://www.totolink.net/

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Detailed values of each vector for above chart.

Access Vector

Access Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact