CVE-2025-45864

5.4 MEDIUM

📋 TL;DR

This CVE describes a buffer overflow vulnerability in TOTOLINK A3002R routers via the addrPoolStart parameter in the formDhcpv6s interface. Attackers could potentially execute arbitrary code or crash the device. Only users of the specific TOTOLINK router model and firmware version are affected.

💻 Affected Systems

Products:
  • TOTOLINK A3002R
Versions: v4.0.0-B20230531.1404
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the DHCPv6 server configuration interface. Devices with IPv6 enabled and reachable via the web interface are most vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete device compromise, allowing attackers to intercept traffic, modify configurations, or use the device as a botnet node.

🟠 Likely Case: Denial of service causing router crashes and network disruption, requiring physical reset or manual intervention.

🟢 If Mitigated: Limited impact if the vulnerable interface is not exposed to untrusted networks and proper network segmentation is in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The GitHub reference contains technical details and proof-of-concept information. Buffer overflow vulnerabilities in network devices are commonly weaponized.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/258/ids/36.html

Restart Required: Yes

Instructions:

1. Check vendor website for firmware updates.
2. Download latest firmware.
3. Access router admin interface.
4. Navigate to firmware upgrade section.
5. Upload and apply new firmware.
6. Wait for router to reboot.

🔧 Temporary Workarounds

  • Disable IPv6 DHCP Server: Disable the vulnerable DHCPv6 server functionality if not required.
  • Restrict Web Interface Access: Limit access to router administration interface to trusted IP addresses only.

🧯 If You Can't Patch

  • Segment affected routers on isolated network segments
  • Implement strict firewall rules to block external access to router administration interfaces

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via admin interface. Navigate to System > Firmware Upgrade to view current version.

Check Version:

No CLI command available. Must check via web interface at System > Firmware Upgrade.

Verify Fix Applied:

Verify firmware version has been updated to a version newer than v4.0.0-B20230531.1404.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts
  • Unusual configuration changes
  • Router crash/reboot events

Network Indicators:

  • Unusual traffic patterns to router administration port
  • Malformed DHCPv6 requests

SIEM Query:

source="router_logs" AND (event="crash" OR event="reboot") AND device_model="A3002R"
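
A request-level check for the parameter this CVE names, as an added example that is not from the vendor or the referenced advisory. It assumes a reverse proxy or log pipeline that sees the request path and form body of admin-interface traffic, and that addrPoolStart is meant to hold an IPv6 address; the path prefix is a placeholder and the sample records are constructed.

```python
import ipaddress
from urllib.parse import parse_qs, urlsplit

HANDLER = "formDhcpv6s"   # interface named in the CVE description
PARAM = "addrPoolStart"   # parameter named in the CVE description
MAX_IPV6_TEXT = 45        # longest textual form of an IPv6 address

def check_request(path, body):
    """Return a reason string if the request looks abnormal, else None."""
    last_segment = urlsplit(path).path.rstrip("/").rsplit("/", 1)[-1]
    if last_segment != HANDLER:
        return None
    for value in parse_qs(body, keep_blank_values=True).get(PARAM, []):
        # Length is checked first: an oversized value is the overflow condition.
        if len(value) > MAX_IPV6_TEXT:
            return f"{PARAM} is {len(value)} characters (limit {MAX_IPV6_TEXT})"
        if value:  # assumption: an empty value is a legitimate "unset"
            try:
                ipaddress.IPv6Address(value)
            except ValueError:
                return f"{PARAM} is not an IPv6 address"
    return None

def scan(records):
    """Return (index, reason) for every flagged (path, body) record."""
    findings = []
    for index, (path, body) in enumerate(records):
        reason = check_request(path, body)
        if reason:
            findings.append((index, reason))
    return findings

# Constructed sample records; "/PLACEHOLDER" stands in for the real path prefix.
SAMPLE = [
    ("/PLACEHOLDER/formDhcpv6s", "addrPoolStart=2001:db8::100"),
    ("/PLACEHOLDER/formDhcpv6s", "addrPoolStart=" + "A" * 300),
    ("/PLACEHOLDER/formDhcpv6s", "addrPoolStart=not-an-address"),
    ("/PLACEHOLDER/formOther", "addrPoolStart=" + "A" * 300),
]

if __name__ == "__main__":
    for index, reason in scan(SAMPLE):
        print(f"record {index}: {reason}")
```

The same length and format rule can be enforced as a block rule on the proxy rather than only logged.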
