CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-6337

A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615/4.0.0-B20230531.1404. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 37.9%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 9.0

References

Products affected by CVE-2025-6337

Totolink » A3002r » Version: N/A

cpe:2.3:h:totolink:a3002r:-
Totolink » A3002ru » Version: N/A

cpe:2.3:h:totolink:a3002ru:-
Totolink » A3002r Firmware » Version: 3.0.0-b20230809.1615

cpe:2.3:o:totolink:a3002r_firmware:3.0.0-b20230809.1615
Totolink » A3002r Firmware » Version: 4.0.0-b20230531.1404

cpe:2.3:o:totolink:a3002r_firmware:4.0.0-b20230531.1404
Totolink » A3002ru Firmware » Version: 3.0.0-b20230809.1615

cpe:2.3:o:totolink:a3002ru_firmware:3.0.0-b20230809.1615
Totolink » A3002ru Firmware » Version: 4.0.0-b20230531.1404

cpe:2.3:o:totolink:a3002ru_firmware:4.0.0-b20230531.1404

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-6337

Products

Pricing

Contact Us