TOTOLINK A3002R/A3002RU 3.0.0-B20230809.1615 HTTP POST Request /boafrm/formPortFw service_type/ip_subnet Okusukkuluma kwa buffer
| CVSS Obubonero bwa Meta Temp | Ekikadde ky’omuwendo gw’okukozesa obunafu obuliko kati (≈) | CTI Ennyanja y'okukwata ku nsonga |
|---|---|---|
| 8.4 | $0-$5k | 0.21 |
Okusumulula
Obulabe obwategekeddwa nga ekikulu nnyo busingiddwa mu TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. Ekikosebwa kye ekikozesebwa ekitamanyiddwa ku fayiro /boafrm/formPortFw ku kitundu HTTP POST Request Handler. Okukyuusa mu lugero service_type/ip_subnet kireeta Okusukkuluma kwa buffer. Obunafu buno bweyitibwa CVE-2025-4731. Waliwo obusobozi okutandika attack nga oli wala. Wadde era waliwo ekikozesebwa ekirabikako. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Ebirimu
Obulabe obwategekeddwa nga ekikulu nnyo busingiddwa mu TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. Ekikosebwa kye ekikozesebwa ekitamanyiddwa ku fayiro /boafrm/formPortFw ku kitundu HTTP POST Request Handler. Okukyuusa mu lugero service_type/ip_subnet kireeta Okusukkuluma kwa buffer. Okulambika ekizibu nga ukozesa CWE kivaako CWE-120. Ekizibu kino kyayisibwa. Ekiteeso kino kyawandiikiddwa era kisobola okuddownloadinga ku github.com.
Obunafu buno bweyitibwa CVE-2025-4731. Waliwo obusobozi okutandika attack nga oli wala. Ebisingawo ku by'ekikugu biriwo. Obungi bw'ensobi eno buli wansi w'obusookerwako. Wadde era waliwo ekikozesebwa ekirabikako. Ekikozesebwa kyategeezeddwa abantu bonna era kisobola okukozesebwa. Kati ekikadde ekisoboka ku mutengo gw’ekikozesebwa kiyinza okuba nga kisoba mu USD $0-$5k mu kiseera kino.
Kiwandiikiddwa nga ebikakasa eby'okukakasa obusobozi. Waliwo omukisa ogusobola okukozesebwa okuddownloadinga exploit ku github.com.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Ekitundu
Omukola
Erinnya
Enkola
Layisensi
Olupapula olw’omu mukutu
- Omukola: https://www.totolink.net/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Ekikunta: 🔒VulDB Reliability: 🔍
CNA CVSS-B Score: 🔒
CNA CVSS-BT Score: 🔒
CNA Ekikunta: 🔒
CVSSv3
VulDB Obubonero Obusookerwako Obw'enkizo: 8.8VulDB Obubonero bwa Meta Temp: 8.4
VulDB Obubonero Obusookerwako: 8.8
VulDB Obubonero bw’akaseera: 8.0
VulDB Ekikunta: 🔒
VulDB Reliability: 🔍
CNA Obubonero Obusookerwako: 8.8
CNA Ekikunta: 🔒
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Ekikozesebwa | Obuzibu obungi | Okukakasa obutuufu bw'omuntu | Obukakafu | Obutebenkevu | Okusobola okufuna (Obusobozi obw'okufuna) |
|---|---|---|---|---|---|
| okuyimbula | okuyimbula | okuyimbula | okuyimbula | okuyimbula | okuyimbula |
| okuyimbula | okuyimbula | okuyimbula | okuyimbula | okuyimbula | okuyimbula |
| okuyimbula | okuyimbula | okuyimbula | okuyimbula | okuyimbula | okuyimbula |
VulDB Obubonero Obusookerwako: 🔒
VulDB Obubonero bw’akaseera: 🔒
VulDB Reliability: 🔍
Okukozesa obunafu
Ekibiina: Okusukkuluma kwa bufferCWE: CWE-120 / CWE-119
CAPEC: 🔒
ATT&CK: 🔒
Obulamu obw’omubiri: Nedda
Wansi wano: Nedda
Waliwo okuva wala: Wee
Okusobola okufuna (Obusobozi obw'okufuna): 🔒
Okuyingira: Bweru
Embeera: Ebikakasa eby'okukakasa obusobozi
Okukuba wansi: 🔒
EPSS Score: 🔒
EPSS Percentile: 🔒
Okukulaakulana kw'ebisale: 🔍
Okubala okw’ensimbi okw’akatono okuva mu kiseera kino: 🔒
| 0-Day | okuyimbula | okuyimbula | okuyimbula | okuyimbula |
|---|---|---|---|---|
| Leero | okuyimbula | okuyimbula | okuyimbula | okuyimbula |
Amagezi ku bulabe
Okukwata ku: 🔍Abakola abali mu kikolwa: 🔍
Ebibiina bya APT ebikola kaakano: 🔍
Ebyokukwata ku kwekuumira
Okukakasa: Tewali kikolebwa kimanyiddwaEmbeera: 🔍
Ekiseera kya 0-Day: 🔒
Ekiseera ekyayita
15/05/2025 Ebigambika bisiddwa ku lulwe.15/05/2025 VulDB enteree yakolebwa
20/06/2025 VulDB entry last update
Ebyokutwalira
Omukola: totolink.netOkukebereza: github.com
Embeera: Tekitegedde
CVE: CVE-2025-4731 (🔒)
GCVE (CVE): GCVE-0-2025-4731
GCVE (VulDB): GCVE-100-309033
EUVD: 🔒
scip Labs: https://www.scip.ch/en/?labs.20161013
Okuyingiza
Kikolebwa: 15/05/2025 09:28Okukozesa enkola empya: 20/06/2025 16:29
Okukyuusa: 15/05/2025 09:28 (56), 16/05/2025 03:37 (1), 16/05/2025 11:43 (30), 16/05/2025 17:16 (1), 20/06/2025 16:29 (1)
Kituufu ddala: 🔍
Owoleza: BabyShark
Cache ID: 253:63A:103
Twasiriza
Kikkiriziddwa
- Twasiriza #570688: TOTOLINK A3002RU V3 and A3002R_V4 V3.0.0-B20230809.1615 Buffer Overflow (kuva BabyShark)
Koppi
- Twasiriza #XXXXXX: Xxxxxxxx Xxxxxxx_xx Xx.x.x-xxxxxxxxx.xxxx Xxxxxx Xxxxxxxx (kuva lcyf-fizz)
- Twasiriza #XXXXXX: Xxxxxxxx Xxxxxx Xx.x.x-xxxxxxxxx.xxxx Xxxxx-xxxxx Xxxxxx Xxxxxxxx (kuva pjq123)
Tewali biragiddwaako kati. Enimi: lg + en.
Nsaba yingira mu akaawunti yo osobole okwogera.