CVE-2025-6393— TOTOLINK多款产品 安全漏洞

TOTOLINK A702R/A3002R/A3002RU/EX1200T HTTP POST Request formIPv6Addr buffer overflow

A vulnerability was found in TOTOLINK A702R, A3002R, A3002RU and EX1200T 3.0.0-B20230809.1615/4.0.0-B20230531.1404/4.0.0-B20230721.1521/4.1.2cu.5232_B20210713. It has been classified as critical. Affected is an unknown function of the file /boafrm/formIPv6Addr of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)

TOTOLINK多款产品 安全漏洞

TOTOLINK A3002RU等都是中国吉翁电子（TOTOLINK）公司的产品。TOTOLINK A3002RU是一款无线路由器产品。TOTOLINK A702r是一款路由器设备。TOTOLINK A3002R是一款无线路由器。 TOTOLINK多款产品存在安全漏洞，该漏洞源于文件/boafrm/formIPv6Addr中参数submit-url的错误操作导致缓冲区溢出。以下产品受到影响：TOTOLINK A702R、A3002R、A3002RU和EX1200T。

N/A

N/A