CVE-2025-5672

Published Jun 5, 2025

Last updated a month ago

CVSS high 8.7

Overview

Description
A vulnerability has been found in TOTOLINK N302R Plus up to 3.4.0-B20201028 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Source
cna@vuldb.com
NVD status
Analyzed

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.7
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

CVSS 3.1

Type
Primary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

CVSS 2.0

Type
Secondary
Base score
9
Impact score
10
Exploitability score
8
Vector string
AV:N/AC:L/Au:S/C:C/I:C/A:C

Weaknesses

cna@vuldb.com
CWE-119

Social media

Hype score
Not currently trending

  1. [CVE-2025-5672: HIGH] Critical buffer overflow vulnerability discovered in TOTOLINK N302R Plus up to 3.4.0-B20201028 through HTTP POST Request Handler, allowing remote attacks. Take precautions.#cve,CVE-2025-5672,#cybersecurity https://t.co/0Ea31TAa5q https://t.co/J5ntfB9qLu

    @CveFindCom

    5 Jun 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-5672 A vulnerability has been found in TOTOLINK N302R Plus up to 3.4.0-B20201028 and classified as critical. Affected by this vulnerability is an unknown functionality of th… https://t.co/IBhi0TUHPM

    @CVEnew

    5 Jun 2025

    372 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.