CVE-2025-4832— TOTOLINK A720R,TOTOLINK A3002R,TOTOLINK A3002RU 安全漏洞

TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formDosCfg buffer overflow

A vulnerability has been found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formDosCfg of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)

TOTOLINK A720R,TOTOLINK A3002R,TOTOLINK A3002RU 安全漏洞

TOTOLINK A3002RU等都是中国吉翁电子（TOTOLINK）公司的产品。TOTOLINK A3002RU是一款无线路由器产品。TOTOLINK A720R是一款无线路由器。TOTOLINK A3002R是一款无线路由器。 TOTOLINK A720R,TOTOLINK A3002R,TOTOLINK A3002RU 3.0.0-B20230809.1615版本存在安全漏洞，该漏洞源于对文件/boafrm/formDosCfg中参数submit-url的错误操作导致缓冲区溢出。

N/A

N/A