CVE-2025-25635

TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the pppoe_dns1 parameter in the formIpv6Setup interface of /bin/boa.

Published: Feb 28, 2025
Updated: May 4, 2025
CVE: CVE-2025-25635
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
totolink / a3002r_firmware	1.1.1-b20200824.0128	1.1.1-b20200824.0128.x

https://github.com/SunnyYANGyaya/firmcrosser/blob/main/ToTolink/TOTOLINK-A3002R-formIpv6Setup-pppoe_dns1.md

Vulnerability Database

290,273

CVE-2025-25635