CVE-2025-25610
Published: 28 February 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
TOTOLINK A3002R router firmware version V1.1.1-B20200824.0128 is affected by CVE-2025-25610, a buffer overflow vulnerability (CWE-120) due to improper input validation of the static_gw parameter in the formIpv6Setup interface handled by the /bin/boa web server component. Published on 2025-02-28, the issue carries a CVSS v3.1 base score of 8.0 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity with potential for significant impact.
An attacker with low privileges (PR:L) on an adjacent network (AV:A) can exploit this vulnerability with low attack complexity and no user interaction. By sending crafted input to the static_gw parameter, the buffer overflow could enable arbitrary code execution, leading to high confidentiality, integrity, and availability impacts, such as full router compromise, data theft, or further network pivoting.
Additional technical details, including analysis of the formIpv6Setup interface, are documented in a GitHub advisory at https://github.com/SunnyYANGyaya/firmcrosser/blob/main/ToTolink/TOTOLINK-A3002R-formIpv6Setup-static_gw.md. No official patches or vendor mitigations are specified in available information.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Buffer overflow in authenticated web interface (formIpv6Setup) due to improper input validation enables arbitrary code execution on the router; directly maps to T1068 (Exploitation for Privilege Escalation) from low-priv access and T1190 (Exploit Public-Facing Application) via the exposed /bin/boa web server.