Primary

Context

TOTOLINK N300RH Denial-of-Service Vulnerability via HTTP POST Message Handler

Vulnerability

A denial-of-service vulnerability has been identified in the TOTOLINK N300RH router, specifically in version 6.1c.1390_B20191101. The issue arises in the HTTP POST Message Handler, within the file '/boafrm/formFilter'. The vulnerability is triggered by manipulating the 'url' argument, leading to a resource exhaustion condition. This flaw has been publicly disclosed and is available as a proof-of-concept exploit.

Impact

Exploitation of this vulnerability causes a denial-of-service condition, where the device becomes unresponsive or unavailable.

Reproduction

To reproduce this vulnerability, send an HTTP POST request to the '/boafrm/formFilter' path, including a 'url' argument with a crafted value that exploits the lack of boundary checks. This will trigger a buffer overflow, causing a stack overflow and leading to a denial-of-service condition on the router.

Added: Jun 21, 2025, 7:34 AM

Updated: Jun 21, 2025, 7:34 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TOTOLINK N300RH Denial-of-Service Vulnerability via HTTP POST Message Handler

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating