Primary

Context

TOTOLINK A3002R Buffer Overflow Vulnerability in IPv6 Setup Interface

Vulnerability

A buffer overflow vulnerability has been identified in the TOTOLINK A3002R router, specifically in the firmware version V4.0.0-B20230531.1404. The issue arises from inadequate input validation of the 'static_dns1' and 'static_dns2' parameters within the formIpv6Setup interface, leading to potential memory corruption.

Impact

Exploitation of this vulnerability causes the 'boa' process to crash, indicating a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/boafrm/formIpv6Setup' endpoint. The request must include a long, malicious payload in the 'static_dns1' or 'static_dns2' parameter to overflow the buffer. After the request is processed, the 'boa' process will crash, demonstrating the successful exploitation of the vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

0.6

exploitability

6.2

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

0.6

exploitability

6.2

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TOTOLINK A3002R Buffer Overflow Vulnerability in IPv6 Setup Interface

Vulnerability

Impact

Reproduction

Affected Products

TOTOLINK A3002R

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating