CVE-2025-25610
Published: 28 February 2025
Summary
CVE-2025-25610 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Totolink A3002R Firmware. Its CVSS base score is 8.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 19.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Mitigating Controls (NIST 800-53 r5)
SI-10 directly addresses the root cause by requiring validation of inputs like the static_gw parameter to prevent buffer overflows from improper input handling.
SI-16 provides memory protections such as ASLR, stack canaries, and DEP to block arbitrary code execution even if a buffer overflow occurs in the web server.
SI-2 mandates timely identification, reporting, and correction of flaws like this buffer overflow vulnerability through firmware patching.
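An SI-10 style check for a gateway parameter such as static_gw, as an added example: this is not TOTOLINK's firmware code, and the function name, status codes and sample inputs are hypothetical. It assumes the parameter is meant to hold an IPv6 address, bounds the length before parsing, and writes only a re-serialised address into a fixed-size buffer.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes for this example. */
enum gw_status { GW_OK = 0, GW_MISSING = -1, GW_TOO_LONG = -2, GW_NOT_IPV6 = -3 };

/*
 * Validate an untrusted gateway parameter before it reaches any fixed-size
 * buffer. 'out' must hold INET6_ADDRSTRLEN bytes; it receives the canonical
 * text form on success and an empty string on failure.
 */
enum gw_status parse_static_gw(const char *param, char *out)
{
    struct in6_addr addr;

    if (out == NULL)
        return GW_MISSING;
    out[0] = '\0';
    if (param == NULL || param[0] == '\0')
        return GW_MISSING;

    /* Length bound first: no terminator within the limit means too long. */
    if (memchr(param, '\0', INET6_ADDRSTRLEN) == NULL)
        return GW_TOO_LONG;

    /* Syntax check: accept only what parses as an IPv6 address. */
    if (inet_pton(AF_INET6, param, &addr) != 1)
        return GW_NOT_IPV6;

    /* Store the re-serialised address, never the raw request bytes. */
    if (inet_ntop(AF_INET6, &addr, out, INET6_ADDRSTRLEN) == NULL) {
        out[0] = '\0';
        return GW_NOT_IPV6;
    }
    return GW_OK;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the advisory. */
    const char *samples[] = { "fe80::1", "FE80:0:0:0:0:0:0:1", "192.168.1.1", "" };
    char gw[INET6_ADDRSTRLEN];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-22s -> %d (%s)\n", samples[i], parse_static_gw(samples[i], gw), gw);
    return 0;
}
```
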
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Buffer overflow in authenticated web interface (formIpv6Setup) due to improper input validation enables arbitrary code execution on the router; directly maps to T1068 (Exploitation for Privilege Escalation) from low-priv access and T1190 (Exploit Public-Facing Application) via the exposed /bin/boa web server.
NVD Description
TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_gw parameter in the formIpv6Setup interface of /bin/boa.
Deeper analysis
TOTOLINK A3002R router firmware version V1.1.1-B20200824.0128 is affected by CVE-2025-25610, a buffer overflow vulnerability (CWE-120) due to improper input validation of the static_gw parameter in the formIpv6Setup interface handled by the /bin/boa web server component. Published on 2025-02-28, the issue carries a CVSS v3.1 base score of 8.0 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity with potential for significant impact.
An attacker with low privileges (PR:L) on an adjacent network (AV:A) can exploit this vulnerability with low attack complexity and no user interaction. By sending crafted input to the static_gw parameter, the buffer overflow could enable arbitrary code execution, leading to high confidentiality, integrity, and availability impacts, such as full router compromise, data theft, or further network pivoting.
Additional technical details, including analysis of the formIpv6Setup interface, are documented in a GitHub advisory at https://github.com/SunnyYANGyaya/firmcrosser/blob/main/ToTolink/TOTOLINK-A3002R-formIpv6Setup-static_gw.md. No official patches or vendor mitigations are specified in available information.