VDB
CVE-2025-3992
CVE-2025-3992
PUBLISHED
CVSS 8.699999809265137 HIGH
A vulnerability has been found in TOTOLINK N150RT 3.4.0-B20190525 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWlwds. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
EPSS 0.56% · 68.5th percentile
Risk Scores
CVSS v4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.56%
68.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| TOTOLINK | N150RT | 3.4.0-B20190525 |
| totolink | n150rt_firmware | 3.4.0-b20190525 |
Timeline
- Apr 28, 2025 EPSS Score
- Apr 28, 2025 Coalition ESS Score
- Apr 28, 2025 CVE Published
- Apr 28, 2025 PoC Published
- Apr 28, 2025 PoC Published
- Apr 28, 2025 PoC Published
- Apr 29, 2025 Coalition ESS Score
- May 4, 2025 Coalition ESS Score
- May 8, 2025 PoC Published
- May 10, 2025 EPSS Score
- May 12, 2025 Coalition ESS Score
- May 20, 2025 Coalition ESS Score
References
- VDB-306328 | TOTOLINK N150RT formWlwds buffer overflow vdb
- VDB-306328 | CTI Indicators (IOB, IOC, IOA) url
- Submit #557943 | TOTOLINK N150RT V3.4.0-B20190525 Buffer Overflow third-party-advisory
- https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/N150RT/BufferOverflow_formWlwds exploit
- https://www.totolink.net/ url
- https://nvd.nist.gov/vuln/detail/CVE-2025-3992 advisory
- https://www.totolink.net url