TOTOLINK N302R Plus ଯେପର୍ଯ୍ୟନ୍ତ 3.4.0-B20201028 HTTP POST Request /boafrm/formFilter url ବଫର୍ ଓଭରଫ୍ଲୋ
Rakkoon nageenyaa kan ଜଟିଳ jedhamuun beekamu TOTOLINK N302R Plus ଯେପର୍ଯ୍ୟନ୍ତ 3.4.0-B20201028 keessatti argameera. Miidhaan irra gahe is hojii hin beekamne faayilii /boafrm/formFilter keessa kutaa HTTP POST Request Handler keessa. Dhugumatti jijjiirraa irratti raawwatame url gara ବଫର୍ ଓଭରଫ୍ଲୋ geessa. Waliigalteewwan CWE fayyadamuun rakkoo ibsuun gara CWE-120 si geessa. Beekumsi kun yeroo 06/04/2025 ifoomsifameera. Odeeffannoon kun buufachuuf github.com irratti dhiyaateera. Dogoggorri kun maqaa CVE-2025-5672 jedhuun tajaajilama. Weerara fageenya irraa jalqabuun ni danda'ama. Odeeffannoon teeknikaa ni argama. Akka dabalataan, meeshaa balaa kana fayyadamuuf argama. Qorannoo miidhaa (exploit) beeksifamee jira, namoonni itti fayyadamuu danda'u. Yeroo ammaa, gatii exploit might be approx. USD $0-$5k beekamuu danda'a. ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee murtaa’eera. Exploit kana github.com irraa buufachuu ni dandeessa. Waggaa 0-day ta'ee, gatiin isaa daldala dhoksaa keessatti $0-$5k jedhamee tilmaamame. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
2 ଆଡାପ୍ଟେସନ୍ · 57 ପଏଣ୍ଟ
| ଫିଲ୍ଡ | ସୃଷ୍ଟି ହୋଇଛି 06/04/2025 03:01 PM | ଅଦ୍ୟତନ 1/1 06/06/2025 04:25 AM |
|---|---|---|
| software_vendor | TOTOLINK | TOTOLINK |
| software_name | N302R Plus | N302R Plus |
| software_version | <=3.4.0-B20201028 | <=3.4.0-B20201028 |
| software_component | HTTP POST Request Handler | HTTP POST Request Handler |
| software_file | /boafrm/formFilter | /boafrm/formFilter |
| software_argument | url | url |
| vulnerability_cwe | CWE-120 (ବଫର୍ ଓଭରଫ୍ଲୋ) | CWE-120 (ବଫର୍ ଓଭରଫ୍ଲୋ) |
| vulnerability_risk | 2 | 2 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | H | H |
| cvss3_vuldb_i | H | H |
| cvss3_vuldb_a | H | H |
| cvss3_vuldb_e | P | P |
| cvss3_vuldb_rc | R | R |
| advisory_url | https://github.com/byxs0x0/cve2/blob/main/530/2.md | https://github.com/byxs0x0/cve2/blob/main/530/2.md |
| exploit_availability | 1 | 1 |
| exploit_publicity | 1 | 1 |
| exploit_url | https://github.com/byxs0x0/cve2/blob/main/530/2.md | https://github.com/byxs0x0/cve2/blob/main/530/2.md |
| source_cve | CVE-2025-5672 | CVE-2025-5672 |
| cna_responsible | VulDB | VulDB |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_ci | C | C |
| cvss2_vuldb_ii | C | C |
| cvss2_vuldb_ai | C | C |
| cvss2_vuldb_e | POC | POC |
| cvss2_vuldb_rc | UR | UR |
| cvss4_vuldb_av | N | N |
| cvss4_vuldb_ac | L | L |
| cvss4_vuldb_ui | N | N |
| cvss4_vuldb_vc | H | H |
| cvss4_vuldb_vi | H | H |
| cvss4_vuldb_va | H | H |
| cvss4_vuldb_e | P | P |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_rl | ND | ND |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_rl | X | X |
| cvss4_vuldb_at | N | N |
| cvss4_vuldb_pr | L | L |
| cvss4_vuldb_sc | N | N |
| cvss4_vuldb_si | N | N |
| cvss4_vuldb_sa | N | N |
| cvss2_vuldb_basescore | 9.0 | 9.0 |
| cvss2_vuldb_tempscore | 7.7 | 7.7 |
| cvss3_vuldb_basescore | 8.8 | 8.8 |
| cvss3_vuldb_tempscore | 8.0 | 8.0 |
| cvss3_meta_basescore | 8.8 | 8.8 |
| cvss3_meta_tempscore | 8.0 | 8.0 |
| cvss4_vuldb_bscore | 8.7 | 8.7 |
| cvss4_vuldb_btscore | 7.4 | 7.4 |
| advisory_date | 1748988000 (06/04/2025) | 1748988000 (06/04/2025) |
| price_0day | $0-$5k | $0-$5k |
| euvd_id | EUVD-2025-17014 |