CVE-2025-4462 – A critical buffer overflow vulnerability in TOT... (How to Fix)

Q: What is the severity of CVE-2025-4462?

CVE-2025-4462 has a CVSS score of 8.8 (HIGH). A critical buffer overflow vulnerability in TOTOLINK N150RT routers allows remote attackers to execute arbitrary code by manipulating the localPin parameter in the /boafrm/formWsc endpoint. This affects all users of the vulnerable firmware version, potentially giving attackers full control of affected devices. The vulnerability is remotely exploitable without authentication.

📋 TL;DR

A critical buffer overflow vulnerability in TOTOLINK N150RT routers allows remote attackers to execute arbitrary code by manipulating the localPin parameter in the /boafrm/formWsc endpoint. This affects all users of the vulnerable firmware version, potentially giving attackers full control of affected devices. The vulnerability is remotely exploitable without authentication.

💻 Affected Systems

Products:

TOTOLINK N150RT

Versions: 3.4.0-B20190525

Operating Systems: Embedded Linux (router firmware)

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running the affected firmware version are vulnerable by default. The vulnerable endpoint is accessible via web interface.

📦 What is this software?

N150rt Firmware by Totolink

View all CVEs affecting N150rt Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, creation of persistent backdoors, lateral movement to internal networks, and botnet recruitment.

🟠

Likely Case

Remote code execution allowing attackers to modify router settings, intercept network traffic, or use the device as a pivot point for further attacks.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering, though internal threats remain if exploited from within the network.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication and affects internet-facing routers directly exposed to attackers.

🏢 Internal Only: HIGH - Even internally, the vulnerability can be exploited by malicious insiders or compromised internal systems to pivot through the network.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit code is available on GitHub, making exploitation trivial for attackers with basic skills. The vulnerability requires no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: UNKNOWN

Vendor Advisory: https://www.totolink.net/

Restart Required: Yes

Instructions:

1. Check TOTOLINK website for firmware updates. 2. Download latest firmware for N150RT. 3. Access router admin interface. 4. Navigate to firmware upgrade section. 5. Upload and apply new firmware. 6. Reboot router after update.

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent external access to router web interface

Network Segmentation

all

Isolate router management interface to trusted network segment

🧯 If You Can't Patch

Replace affected devices with supported models from different vendors
Implement strict network access controls to limit traffic to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via admin interface. If version is 3.4.0-B20190525, device is vulnerable.

Check Version:

Access router web interface at http://[router-ip] and check System Status or Firmware Version page

Verify Fix Applied:

Verify firmware version has changed from 3.4.0-B20190525 to a newer version after update.

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /boafrm/formWsc with long localPin parameters
Multiple failed login attempts followed by formWsc access

Network Indicators:

Unusual outbound connections from router to unknown IPs
Traffic patterns suggesting command and control communication

SIEM Query:

source="router-logs" AND (uri="/boafrm/formWsc" AND (localPin.length>100 OR status=500))

📊 Metadata

CVE ID: CVE-2025-4462

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.41% exploit probability (61th percentile)

Published: May 9, 2025

Last Updated: May 23, 2025

🔗 References

https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/N150RT/BufferOverflow_formWsc_2 Exploit,Third Party Advisory
https://vuldb.com/?ctiid.308081 Permissions Required,VDB Entry
https://vuldb.com/?id.308081 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.565958 Third Party Advisory,VDB Entry
https://www.totolink.net/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-4462, you might also want to check these: