TOTOLINK A3002R
cpe:2.3:h:totolink:a3002r:*:*:*:*:*:*:*
- V4.0.0-B20230531.1404
A buffer overflow vulnerability has been identified in the TOTOLINK A3002R router, specifically in version 4.0.0-B20230531.1404. The issue arises in the web interface's port forwarding section, where the 'fw_ip' parameter is processed. This vulnerability allows attackers to craft input that causes a denial-of-service condition by overflowing the buffer, which can disrupt the normal operation of the device.
Exploitation of this vulnerability leads to a denial-of-service condition, causing the device to become unresponsive or inaccessible.
The vulnerability can be reproduced by sending a crafted input that exceeds the buffer capacity in the 'fw_ip' parameter of the '/boafrm/formPortFw' endpoint. This can be done using a tool like Burp Suite to intercept and modify the request. Once the oversized input is sent, the device's web server will crash, making the router inaccessible.
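For defenders, the check below flags requests to this endpoint whose 'fw_ip' value cannot be an IPv4 address; it is an added example for a filtering proxy or log review job, not vendor code or part of the original advisory. It assumes the form arrives as a urlencoded POST body, and the function name and sample requests are constructed for illustration.

```python
import ipaddress
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/boafrm/formPortFw"  # endpoint named in the advisory
PARAM = "fw_ip"                  # parameter named in the advisory
MAX_IPV4_LEN = 15                # longest dotted quad: "255.255.255.255"


def check_port_forward_request(method, target, body):
    """Return (verdict, reason) for one HTTP request.

    verdict is "ignore" (another endpoint), "allow" or "block".
    Assumption: the form is submitted as a urlencoded POST body.
    """
    if method.upper() != "POST" or urlsplit(target).path != ENDPOINT:
        return ("ignore", "not the port forwarding form")
    values = parse_qs(body, keep_blank_values=True).get(PARAM, [])
    if not values:
        return ("allow", "no fw_ip submitted")
    if len(values) > 1:
        # Duplicates make it ambiguous which copy the device will parse.
        return ("block", "fw_ip repeated")
    value = values[0]
    if len(value) > MAX_IPV4_LEN:
        return ("block", f"fw_ip is {len(value)} characters, limit {MAX_IPV4_LEN}")
    try:
        ipaddress.IPv4Address(value)
    except ipaddress.AddressValueError:
        return ("block", "fw_ip is not a dotted-quad IPv4 address")
    return ("allow", "fw_ip is a valid IPv4 address")


# Constructed sample requests, not captured traffic.
SAMPLES = [
    ("POST", ENDPOINT, "fw_ip=192.168.1.50"),
    ("POST", ENDPOINT, "fw_ip=" + "1" * 400),
    ("POST", ENDPOINT, "fw_ip=192.168.1.x"),
    ("POST", ENDPOINT, "fw_ip=192.168.1.50&fw_ip=10.0.0.1"),
    ("GET", "/", ""),
]

if __name__ == "__main__":
    for method, target, body in SAMPLES:
        verdict, reason = check_port_forward_request(method, target, body)
        print(f"{verdict:6} {method} {target} ({reason})")
```

The length check runs before address parsing, so an oversized value is rejected without being handed to any further parser.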