{"id":6455,"date":"2025-06-05T13:35:08","date_gmt":"2025-06-05T13:35:08","guid":{"rendered":"http:\/\/localhost\/?p=6455"},"modified":"2025-06-05T13:35:08","modified_gmt":"2025-06-05T13:35:08","slug":"totolink-n302r-plus-http-post-request-formportfw-buffer-overflow","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=6455","title":{"rendered":"TOTOLINK N302R Plus HTTP POST Request formPortFw buffer overflow"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nTOTOLINK N302R Plus HTTP POST Request formPortFw buffer overflow<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-06-05T17:31:07.818Z<\/td>\n<\/tr>\n
Last Seen<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nTOTOLINK<\/td>\n<\/tr>\n
Product<\/th>\nN302R Plus<\/td>\n<\/tr>\n
Version<\/th>\n3.4.0-B20201028<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n\n\n\n
Base Score<\/th>\n8.7 (HIGH)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:L\/UI:N\/VC:H\/VI:H\/VA:H\/SC:N\/SI:N\/SA:N<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\n<\/td>\n<\/tr>\n
Integrity Impact<\/th>\n<\/td>\n<\/tr>\n
Availability Impact<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA critical buffer overflow vulnerability in TOTOLINK N302R Plus routers allows remote attackers to execute arbitrary code via the HTTP POST request handler in formPortFw. This could lead to complete device compromise.<\/td>\n<\/tr>\n
AI Severity<\/th>\nCritical<\/td>\n<\/tr>\n
Vendor<\/th>\nTOTOLINK<\/td>\n<\/tr>\n
Product<\/th>\nN302R Plus<\/td>\n<\/tr>\n
Affected Version<\/th>\n3.4.0-B20201028<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n