TOTOLINK A3002R Buffer Overflow Vulnerability in DHCPv6s Interface

Vulnerability

A buffer overflow vulnerability has been identified in the TOTOLINK A3002R router, specifically in firmware version V4.0.0-B20230531.1404. The issue arises from inadequate input validation of the 'dnsaddr' parameter within the 'formDhcpv6s' interface, leading to potential memory corruption.
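As an added example (not TOTOLINK firmware code, which the advisory does not show), the following sketch shows the kind of validation a handler for 'dnsaddr' needs before storing the value: a bounded length check followed by parsing the value as an IPv6 address. The struct, the function name set_dnsaddr and the buffer size are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical destination layout: the firmware's real structure is not shown
 * in the advisory. INET6_ADDRSTRLEN (46) fits any textual IPv6 address. */
struct dhcp6s_cfg {
    char dnsaddr[INET6_ADDRSTRLEN];
};

/* Returns 0 on success, -1 if the value is missing, too long, or not IPv6. */
int set_dnsaddr(struct dhcp6s_cfg *cfg, const char *value)
{
    struct in6_addr parsed;
    size_t len = 0;

    if (cfg == NULL || value == NULL)
        return -1;

    /* Length check first: never scan further than the destination size. */
    while (len < sizeof(cfg->dnsaddr) && value[len] != '\0')
        len++;
    if (len == 0 || len == sizeof(cfg->dnsaddr))
        return -1;

    /* Semantic check: accept only a well-formed IPv6 literal. */
    if (inet_pton(AF_INET6, value, &parsed) != 1)
        return -1;

    /* Store the canonical form; inet_ntop is bounded by the size argument. */
    if (inet_ntop(AF_INET6, &parsed, cfg->dnsaddr, sizeof(cfg->dnsaddr)) == NULL)
        return -1;
    return 0;
}

int main(void)
{
    struct dhcp6s_cfg cfg = {0};
    char oversized[512];              /* constructed stand-in for a long dnsaddr */

    memset(oversized, 'A', sizeof(oversized) - 1);
    oversized[sizeof(oversized) - 1] = '\0';

    printf("valid:     %d\n", set_dnsaddr(&cfg, "2001:db8::53"));
    printf("oversized: %d\n", set_dnsaddr(&cfg, oversized));
    printf("not IPv6:  %d\n", set_dnsaddr(&cfg, "dns.example"));
    return 0;
}
```

A rejected value leaves the stored configuration untouched, so an oversized request cannot partially overwrite a previously accepted address.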

Impact

Exploitation of this vulnerability causes the 'boa' process to crash, indicating a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/boafrm/formDhcpv6s' endpoint. The request must include the 'wan_enable' parameter set to '1' to activate the vulnerable function, the 'enable_dhcpv6s' parameter also set to '1' to process the 'dnsaddr' parameter, and a long, malicious payload in the 'dnsaddr' parameter to overflow the buffer. After the request is sent, the 'boa' process will crash, demonstrating the successful exploitation of the vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 7.5
exploitability: 5.8
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.