CVE-2025-63464 – This CVE describes a stack overflow vulnerabili... (How to Fix)

📋 TL;DR

This CVE describes a stack overflow vulnerability in Totolink LR350 routers via the ssid parameter. Attackers can exploit this to cause Denial of Service (DoS) through crafted requests. Users of Totolink LR350 routers with the affected firmware are vulnerable.

💻 Affected Systems

Products:

Totolink LR350

Versions: v9.3.5u.6369_B20220309

Operating Systems: Embedded router OS

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the specific firmware version mentioned; other versions may also be vulnerable but unconfirmed

📦 What is this software?

Lr350 Firmware by Totolink

View all CVEs affecting Lr350 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router crash requiring physical reboot, potential remote code execution if stack overflow can be controlled precisely

🟠

Likely Case

Router becomes unresponsive, requiring reboot to restore functionality

🟢

If Mitigated

Minimal impact if router is behind firewall with restricted WAN access

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices

🏢 Internal Only: MEDIUM - Could be exploited from internal network if attacker gains access

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public GitHub repository contains exploit details; DoS exploitation is straightforward

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Check Totolink website for firmware updates
2. Download latest firmware for LR350
3. Access router admin interface
4. Navigate to firmware upgrade section
5. Upload and apply new firmware
6. Reboot router

🔧 Temporary Workarounds

Restrict WAN access

linux

Block external access to router management interface

iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

Disable remote management

all

Turn off remote administration features

🧯 If You Can't Patch

Isolate router on separate network segment
Implement network monitoring for abnormal requests to ssid parameter

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or Firmware Upgrade section

Check Version:

curl -s http://router-ip/cgi-bin/luci/ | grep firmware

Verify Fix Applied:

Verify firmware version has changed from v9.3.5u.6369_B20220309 to newer version

📡 Detection & Monitoring

Log Indicators:

Multiple connection attempts to router management interface
Router crash/reboot events in system logs

Network Indicators:

Unusual HTTP POST requests containing long ssid parameters
Traffic patterns indicating DoS attempts

SIEM Query:

source="router_logs" AND (event="crash" OR event="reboot") AND device_model="LR350"

📊 Metadata

CVE ID: CVE-2025-63464

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-121

EPSS Score: 0.27% exploit probability (50.4th percentile)

Published: October 31, 2025

Last Updated: November 5, 2025

🔗 References

https://github.com/0-fool/VulnbyCola/blob/main/TOTOLINK/LR350/6/1.md Exploit,Third Party Advisory
https://github.com/0-fool/VulnbyCola/blob/main/TOTOLINK/LR350/6/1.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-63464, you might also want to check these: