A vulnerability classified as critical has been found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formWlSiteSurvey of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS
No CVSS.
References
| Link | Resource |
|---|---|
| https://github.com/awindog/cve/blob/main/688/30.md | Exploit Third Party Advisory |
| https://github.com/awindog/cve/blob/main/688/30.md | Exploit Third Party Advisory |
| https://vuldb.com/?ctiid.314460 | Permissions Required |
| https://vuldb.com/?id.314460 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.605860 | Third Party Advisory VDB Entry |
| https://www.totolink.net/ | Product |
Configurations
Configuration 1 (hide)
| AND |
|
History
07 Jul 2025, 14:41
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/awindog/cve/blob/main/688/30.md - Exploit, Third Party Advisory | |
| References | () https://vuldb.com/?submit.605860 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?id.314460 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?ctiid.314460 - Permissions Required | |
| References | () https://www.totolink.net/ - Product | |
| First Time |
Totolink a3002ru Firmware
Totolink Totolink a3002ru |
|
| CPE | cpe:2.3:h:totolink:a3002ru:-:*:*:*:*:*:*:* cpe:2.3:o:totolink:a3002ru_firmware:3.0.0-b20230809.1615:*:*:*:*:*:*:* |
01 Jul 2025, 14:15
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
| CWE | CWE-119 |
01 Jul 2025, 03:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-07-01 03:15
Updated : 2025-07-07 14:41
NVD link : CVE-2025-6939
Mitre link : CVE-2025-6939
JSON object : View
Products Affected
totolink
- a3002ru_firmware
- a3002ru
CWE
No CWE.