Primary

Context

TOTOLINK N150RT Buffer Overflow Vulnerability in WSC Form Processing

Vulnerability

A critical buffer overflow vulnerability has been identified in the TOTOLINK N150RT router, specifically in the firmware version 3.4.0-B20190525. The issue arises in the file '/boafrm/formWsc', where the 'localPin' parameter can be manipulated, leading to memory corruption. This vulnerability can be exploited remotely, causing a denial-of-service by crashing the web server.

Impact

Exploitation of this vulnerability leads to a buffer overflow, which can commonly be used to execute arbitrary code or cause a denial-of-service by crashing the device.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/boafrm/formWsc' endpoint with a crafted 'localPin' parameter that exceeds the buffer size, causing a buffer overflow. This can be done using tools like Burp Suite.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

6.2

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

6.2

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TOTOLINK N150RT Buffer Overflow Vulnerability in WSC Form Processing

Vulnerability

Impact

Reproduction

Affected Products

TOTOLINK N150RT

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating