Primary

Context

TOTOLINK A702R, A3002R, and A3002RU Buffer Overflow Vulnerability via HTTP POST Request

Vulnerability

A critical buffer overflow vulnerability has been identified in TOTOLINK A702R, A3002R, and A3002RU routers running version 3.0.0-B20230809.1615. The issue arises in an unknown function of the file '/boafrm/formSaveConfig', within the HTTP POST request handler. The vulnerability can be exploited remotely by manipulating the 'submit-url' argument, leading to a buffer overflow condition.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can typically lead to arbitrary code execution or a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending an HTTP POST request to the '/boafrm/formSaveConfig' endpoint, including a crafted 'submit-url' argument that triggers the buffer overflow. This can be done using tools like curl or Postman, or through a custom script that automates the process.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

6.2

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

6.2

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TOTOLINK A702R, A3002R, and A3002RU Buffer Overflow Vulnerability via HTTP POST Request

Vulnerability

Impact

Reproduction

Affected Products

TOTOLINK A702R

TOTOLINK A3002R

TOTOLINK A3002RU

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating