CVE-2025-3993

A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525 and classified as critical. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:totolink:n150rt_firmware:3.4.0-b20190525:*:*:*:*:*:*:*
cpe:2.3:h:totolink:n150rt:2.0:*:*:*:*:*:*:*

History

12 May 2025, 19:31

Type Values Removed Values Added
CPE cpe:2.3:o:totolink:n150rt_firmware:3.4.0-b20190525:*:*:*:*:*:*:*
cpe:2.3:h:totolink:n150rt:2.0:*:*:*:*:*:*:*
First Time Totolink
Totolink n150rt
Totolink n150rt Firmware
References () https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/N150RT/BufferOverflow_formWsc_1 - () https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/N150RT/BufferOverflow_formWsc_1 - Exploit
References () https://vuldb.com/?ctiid.306329 - () https://vuldb.com/?ctiid.306329 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.306329 - () https://vuldb.com/?id.306329 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.557944 - () https://vuldb.com/?submit.557944 - Third Party Advisory, VDB Entry
References () https://www.totolink.net/ - () https://www.totolink.net/ - Product

29 Apr 2025, 13:52

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad en TOTOLINK N150RT 3.4.0-B20190525, clasificada como crítica. Este problema afecta a un procesamiento desconocido del archivo /boafrm/formWsc. La manipulación del argumento "submit-url" provoca un desbordamiento del búfer. El ataque puede iniciarse remotamente. Se ha hecho público el exploit y puede que sea utilizado.

28 Apr 2025, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-04-28 01:15

Updated : 2025-05-12 19:31


NVD link : CVE-2025-3993

Mitre link : CVE-2025-3993

CVE.ORG link : CVE-2025-3993


JSON object : View

Products Affected

totolink

  • n150rt_firmware
  • n150rt
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')