CVE-2025-25635: Buffer Overflow
First published: Fri Feb 28 2025(Updated: )
TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the pppoe_dns1 parameter in the formIpv6Setup interface of /bin/boa.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Totolink A3002r Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-25635?
CVE-2025-25635 is classified as a high severity vulnerability due to the potential for buffer overflow exploitation.
How do I fix CVE-2025-25635?
To fix CVE-2025-25635, you should update the TOTOlink A3002R firmware to the latest version that addresses this buffer overflow vulnerability.
What is the impact of the CVE-2025-25635 vulnerability?
The impact of CVE-2025-25635 could lead to remote code execution or denial of service if exploited by an attacker.
Which devices are affected by CVE-2025-25635?
CVE-2025-25635 affects the TOTOlink A3002R router with the firmware version V1.1.1-B20200824.0128.
How can attackers exploit CVE-2025-25635?
Attackers can exploit CVE-2025-25635 by sending crafted requests with specially formatted pppoe_dns1 parameters to the vulnerable interface.
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/author
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/epss-latest
- source/FIRST
- agent/source
- agent/epss
- agent/tags
- vendor/totolink
- canonical/totolink a3002r firmware