CVE-2025-45841 in NR1800X
Summary
by MITRE • 05/08/2025
TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function.
Analysis
by VulDB Data Team • 05/13/2025
The vulnerability identified as CVE-2025-45841 affects the TOTOLINK NR1800X router firmware version V9.1.0u.6681_B20230703, representing a critical security flaw that enables authenticated remote code execution through a stack buffer overflow condition. This vulnerability resides within the setSmsCfg function of the device's web interface, where the text parameter fails to properly validate input length before processing. The flaw stems from inadequate bounds checking in the firmware's handling of SMS configuration parameters, creating an exploitable condition that allows attackers with valid credentials to manipulate the device's memory layout.
The technical implementation of this vulnerability follows the CWE-121 stack-based buffer overflow pattern, where insufficient input validation permits a maliciously crafted payload to overwrite adjacent memory locations on the stack. The setSmsCfg function processes user-supplied text data without proper bounds checking, allowing an attacker to exceed the allocated buffer space and potentially overwrite return addresses, function pointers, or other critical stack variables. This type of vulnerability directly maps to ATT&CK technique T1059.007 for command and scripting interpreter and T1068 for exploit for privilege escalation, as successful exploitation could enable attackers to execute arbitrary code with elevated privileges.
The operational impact of this vulnerability extends beyond simple denial of service, as authenticated attackers can leverage the stack overflow to gain unauthorized access to the router's underlying operating system. The affected device operates on a Linux-based embedded system where the stack overflow could potentially be chained with other techniques to achieve full system compromise. Attackers with valid administrative credentials could exploit this vulnerability to install backdoors, modify network configurations, or redirect traffic through the compromised device, effectively creating a persistent foothold within the network infrastructure.
Mitigation strategies for CVE-2025-45841 should prioritize immediate firmware updates from TOTOLINK, as the vendor has likely released patches addressing the buffer overflow condition. Network segmentation and access control measures can help limit the potential impact by restricting administrative access to only authorized personnel with legitimate business needs. Additionally, implementing network monitoring solutions that detect anomalous traffic patterns related to SMS configuration changes can provide early warning of exploitation attempts. Security teams should also consider disabling unnecessary web interfaces and implementing multi-factor authentication for administrative access to reduce the attack surface and limit the likelihood of successful exploitation by unauthorized users.
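As an added illustration of the CWE-121 pattern and the missing length validation described in the analysis (this is not TOTOLINK's firmware code; the buffer size, function names and parameter names are assumptions), the unbounded-copy shape sits next to a hardened handler that rejects an over-long text value before anything is copied onto the stack:

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical reconstruction of the CWE-121 pattern described in the
 * analysis; not TOTOLINK's code. Buffer size and names are assumptions. */
#define SMS_TEXT_MAX 128

/* Vulnerable shape: the request's text value is copied into a fixed stack
 * buffer with no length check, so a longer value overwrites what lies above it. */
int set_sms_cfg_vulnerable(const char *text)
{
    char sms_text[SMS_TEXT_MAX];
    strcpy(sms_text, text);        /* CWE-121: unbounded copy */
    return 0;
}

/* Hardened helper: measure the input with a bounded scan, reject it if
 * it exceeds the limit, and only then copy into the caller's buffer. */
int copy_sms_text(const char *text, char *out, size_t out_len)
{
    size_t n = 0;
    if (text == NULL || out == NULL || out_len == 0)
        return -1;
    while (n <= SMS_TEXT_MAX && text[n] != '\0') n++;   /* never reads past index SMS_TEXT_MAX */
    if (n > SMS_TEXT_MAX || n >= out_len)
        return -1;                 /* too long: refuse, never truncate silently */
    memcpy(out, text, n);
    out[n] = '\0';
    return 0;
}

/* Hardened handler: returns an HTTP-style status so the caller can see
 * that an over-long value is rejected before it touches the stack buffer. */
int handle_set_sms_cfg(const char *text)
{
    char sms_text[SMS_TEXT_MAX + 1];
    if (copy_sms_text(text, sms_text, sizeof sms_text) != 0)
        return 400;
    /* the validated value would be stored in the configuration here; omitted */
    return 200;
}

/* Constructed over-long input (longer than SMS_TEXT_MAX) for the test. */
const char *constructed_long_text(void)
{
    static char buf[SMS_TEXT_MAX + 64];
    memset(buf, 'A', sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    return buf;
}
```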