Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-25635

TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the pppoe_dns1 parameter in the formIpv6Setup interface of /bin/boa.

Published

2025-02-28T19:15:37.223

Last Modified

2025-09-02T16:15:38.250

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.0 (HIGH)

Weaknesses

Type: Secondary
CWE-120

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	totolink	a3002r_firmware	1.1.1-b20200824.0128	Yes
Hardware	totolink	a3002r	-	No

References

https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/ToTolink/TOTOLINK-A3002R-formIpv6Setup-pppoe_dns1.md ([email protected])