Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-4823

Опубликовано: 17 мая 2025
Источник: nvd
CVSS3: 8.8
CVSS2: 9
EPSS Низкий

Описание

A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. It has been rated as critical. Affected by this issue is the function submit-url of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:totolink:a702r_firmware:3.0.0-b20230809.1615:*:*:*:*:*:*:*
cpe:2.3:h:totolink:a702r:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:totolink:a3002r_firmware:3.0.0-b20230809.1615:*:*:*:*:*:*:*
cpe:2.3:h:totolink:a3002r:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:totolink:a3002ru_firmware:3.0.0-b20230809.1615:*:*:*:*:*:*:*
cpe:2.3:h:totolink:a3002ru:-:*:*:*:*:*:*:*

EPSS

Процентиль: 59%
0.00386
Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-119
CWE-120

Связанные уязвимости

github логотип

GHSA-vp4m-3qw3-rfpq

CVSS3: 8.8
github
9 месяцев назад

A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. It has been rated as critical. Affected by this issue is the function submit-url of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

fstec логотип

BDU:2025-05836

CVSS3: 8.8
fstec
9 месяцев назад

Уязвимость функции submit-url файла /boafrm/formReflashClientTbl компонента HTTP POST Request Handler микропрограммного обеспечения роутеров TOTOLINK A702R, A3002R и A3002RU, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 59%
0.00386
Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-119
CWE-120