Totolink A3002r Firmware
By the Year
In 2026 there have been 0 vulnerabilities in Totolink A3002r Firmware. Last year, in 2025, A3002r Firmware had 19 security vulnerabilities published. Right now, A3002r Firmware is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 19 | 8.06 |
| 2024 | 4 | 9.80 |
It may take a day or so for new A3002r Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Totolink A3002r Firmware Security Vulnerabilities
Stack Overflow in TOTOLINK A3002R 1.1.1 via formWlanMultipleAP
CVE-2025-6486
8.8 - High
- June 22, 2025
A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been declared as critical. This vulnerability affects the function formWlanMultipleAP of the file /boafrm/formWlanMultipleAP. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Buffer Overflow
TOTOLINK A3002R 1.1.1-B20200824.0128: formRoute SB-Overflow via Subnet
CVE-2025-6487
8.8 - High
- June 22, 2025
A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been rated as critical. This issue affects the function formRoute of the file /boafrm/formRoute. The manipulation of the argument subnet leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Buffer Overflow
TOTOLINK A3002R 1.1.1 OS Command Injection via formWlSiteSurvey (wlanif)
CVE-2025-6485
6.3 - Medium
- June 22, 2025
A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been classified as critical. This affects the function formWlSiteSurvey of the file /boafrm/formWlSiteSurvey. The manipulation of the argument wlanif leads to OS command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Shell injection
TOTOLINK A3002R 4.0.0 buffer overflow in HTTP POST handler
CVE-2025-6164
8.8 - High
- June 17, 2025
A vulnerability was found in TOTOLINK A3002R 4.0.0-B20230531.1404. It has been classified as critical. This affects an unknown part of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Buffer Overflow
TOTOLINK A3002R 4.0.0-B20230531 buffer overflow in HTTP POST handler
CVE-2025-6149
8.8 - High
- June 17, 2025
A vulnerability classified as critical has been found in TOTOLINK A3002R 4.0.0-B20230531.1404. Affected is an unknown function of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Buffer Overflow
Buffer Overflow in formDhcpv6s CLI param on TOTOLINK A3002R 4.0.0-B20230531.1404
CVE-2025-45862
- May 20, 2025
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the interfacenameds parameter in the formDhcpv6s interface.
TOTOLINK A3002R 2.1.1-B20230720.1011 XSS on VPN Page Comment
CVE-2025-4852
3.4 - Low
- May 18, 2025
A vulnerability, which was classified as problematic, has been found in TOTOLINK A3002R 2.1.1-B20230720.1011. This issue affects some unknown processing of the component VPN Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
XSS
TOTOLINK A3002R v4.0.0 buffer overflow via macstr param
CVE-2025-45863
- May 13, 2025
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the macstr parameter in the formMapDelDevice interface.
TOTOLINK A3002R v4.0.0 Buffer Overflow via dnsaddr param
CVE-2025-45865
9.8 - Critical
- May 13, 2025
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the dnsaddr parameter in the formDhcpv6s interface.
Classic Buffer Overflow
TOTOLINK A3002R v4.0.0-B20230531.1404 buffer overflow in routername parameter
CVE-2025-45861
9.8 - Critical
- May 13, 2025
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the routername parameter in the formDnsv6 interface.
Classic Buffer Overflow
Command Injection in TOTOLINK A3002R v4.0.0-B20230531.1404 via FUN_00459fdc
CVE-2025-45858
- May 13, 2025
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN_00459fdc function.
TOTOLINK A3002R v4.0 Buffer Overflow in formMapDelDevice
CVE-2025-45859
- May 13, 2025
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the bandstr parameter in the formMapDelDevice interface.
Buffer Overflow in formIpv6Setup static_dns1 (TOTOLINK A3002R v4.0.0)
CVE-2025-45867
- May 13, 2025
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the static_dns1 parameter in the formIpv6Setup interface.
TOTOLINK A3002R v4.0.0 Buffer Overflow in addrPoolEnd via DHCPv6 form
CVE-2025-45866
- May 13, 2025
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolEnd parameter in the formDhcpv6s interface.
TOTOLINK A3002R v4.0.0 Buffer Overflow via addrPoolStart in formDhcpv6s
CVE-2025-45864
- May 13, 2025
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolStart parameter in the formDhcpv6s interface.
Command Injection in TOTOLINK A3002R /bin/boa (V4.0.0-B20230531.1404)
CVE-2025-25579
- March 28, 2025
TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr.
TOTOlink A3002R Buffer Overflow in /bin/boa (v1.1.1-B20200824.0128)
CVE-2025-25609
- February 28, 2025
TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_ipv6 parameter in the formIpv6Setup interface of /bin/boa.
Buffer overflow in TOTOlink A3002R V1.1.1-B20200824.0128 /bin/boa static_gw
CVE-2025-25610
- February 28, 2025
TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_gw parameter in the formIpv6Setup interface of /bin/boa.
TOTOlink A3002R v1.1.1 Buffer Overflow in boa pppoe_dns1
CVE-2025-25635
- February 28, 2025
TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the pppoe_dns1 parameter in the formIpv6Setup interface of /bin/boa.
RCE via /bin/boa in TOTOLINK A3002R v4.0.0
CVE-2024-54907
- December 26, 2024
TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Remote Code Execution in /bin/boa via formWsc.
Buffer Overflow in TOTOLINK AC1200 A3002R V1.1.1 via formWlEncrypt SSID cgi
CVE-2024-34195
9.8 - Critical
- August 28, 2024
TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vulnerable to Buffer Overflow. In the boa server program's CGI handling function formWlEncrypt, there is a lack of length restriction on the wlan_ssid field. This oversight leads to potential buffer overflow under specific circumstances. For instance, by invoking the formWlanRedirect function with specific parameters to alter wlan_idx's value and subsequently invoking the formWlEncrypt function, an attacker can trigger buffer overflow, enabling arbitrary command execution or denial of service attacks.
Memory Corruption
CVE-2024-42520: Buffer Overflow in TOTOLINK A3002R v4.0.0 (boa) FP Control
CVE-2024-42520
9.8 - Critical
- August 12, 2024
TOTOLINK A3002R v4.0.0-B20230531.1404 contains a buffer overflow vulnerability in /bin/boa via formParentControl.
Classic Buffer Overflow
Totolink AC1200 A3002R_V4 Firmware Boa server Buffer Overflow via wlan_ssid
CVE-2024-33820
- May 01, 2024
Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V4.0.0-B20230531.1404 is vulnerable to Buffer Overflow via the formWlEncrypt function of the boa server. Specifically, exploiting the length of the wlan_ssid field triggers the overflow.