CVE-2025-5672 in N302R Plus
Summary
by MITRE • 06/05/2025
A vulnerability has been found in TOTOLINK N302R Plus up to 3.4.0-B20201028 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 06/27/2026
The TOTOLINK N302R Plus router model presents a critical buffer overflow vulnerability within its web interface administration system, specifically affecting firmware versions up to 3.4.0-B20201028. This vulnerability resides in the HTTP POST request handler component, which processes administrative requests through the /boafrm/formFilter file interface. The flaw manifests when an attacker manipulates the url parameter within the HTTP POST request, causing a buffer overflow condition that can potentially lead to arbitrary code execution or system compromise.
This vulnerability represents a significant security risk due to its remote exploitability and the nature of the buffer overflow attack vector. The attack surface is particularly concerning as it allows threat actors to execute malicious code without requiring physical access to the device or authentication credentials. The buffer overflow occurs in the HTTP POST request handler, indicating that the application fails to properly validate input lengths before copying data into fixed-size memory buffers. This type of vulnerability falls under CWE-121, which specifically addresses stack-based buffer overflow conditions where insufficient bounds checking allows attackers to overwrite adjacent memory locations.
The operational impact of this vulnerability extends beyond simple denial of service scenarios, as successful exploitation could enable complete system compromise and persistent access to the network infrastructure. Attackers can leverage this vulnerability to gain unauthorized administrative privileges, modify router configurations, redirect traffic, or establish backdoor access points that persist even after device reboots. The fact that a public exploit has been disclosed significantly increases the risk profile, as it eliminates the need for advanced exploitation techniques and makes this vulnerability accessible to less sophisticated threat actors.
Security professionals should immediately implement network segmentation measures to isolate affected devices from critical network segments, while also deploying intrusion detection systems capable of identifying suspicious HTTP POST requests targeting the vulnerable endpoint. The most effective mitigation strategy involves firmware updates from TOTOLINK to address the buffer overflow condition through proper input validation and bounds checking mechanisms. Organizations should also consider disabling unnecessary web management interfaces where possible and implementing strict firewall rules that limit access to administrative ports only from trusted network segments. This vulnerability aligns with ATT&CK technique T1072, which covers application deployment in the cloud environment, as compromised routers can serve as persistent entry points for broader network infiltration. The disclosure of public exploits makes this vulnerability particularly dangerous and warrants immediate remediation across all affected deployments to prevent potential large-scale compromise of home and small office networks.