{"cve":{"cve_id":"CVE-2025-4823","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00661,"epss_percentile":0.46783,"epss_as_of":"2026-06-23","description":"A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. It has been rated as critical. Affected by this issue is the function submit-url of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.","published_at":"2025-05-17T09:31:06.557000Z","last_modified_at":null,"cvss_v3_score":8.8,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss_v3_severity":"HIGH","cvss_v4_score":8.7,"cvss_v4_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","cvss_v4_severity":"HIGH","ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-120","CWE-119"],"nvd_references":["https://vuldb.com/?id.309284","https://vuldb.com/?ctiid.309284","https://vuldb.com/?submit.574593","https://github.com/CH13hh/tmp_store_cc/blob/main/toto/1.md","https://www.totolink.net/"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:27:13.452499Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":"4.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"AT","name":"Attack Requirements","value":"N","value_label":"None"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"VC","name":"Confidentiality (Vulnerable System)","value":"H","value_label":"High"},{"metric":"VI","name":"Integrity (Vulnerable System)","value":"H","value_label":"High"},{"metric":"VA","name":"Availability (Vulnerable System)","value":"H","value_label":"High"},{"metric":"SC","name":"Confidentiality (Subsequent System)","value":"N","value_label":"None"},{"metric":"SI","name":"Integrity (Subsequent System)","value":"N","value_label":"None"},{"metric":"SA","name":"Availability (Subsequent System)","value":"N","value_label":"None"}]},"affected":[{"vendor_slug":"totolink","vendor_name":"totolink","product_slug":"a3002r","product_name":"A3002R","version_start":"3.0.0-B20230809.1615","version_start_inclusive":true,"version_end":"3.0.0-B20230809.1615","version_end_inclusive":true,"cpe23_uri":"cve5:totolink:a3002r:3.0.0-B20230809.1615:3.0.0-B20230809.1615"},{"vendor_slug":"totolink","vendor_name":"totolink","product_slug":"a3002ru","product_name":"A3002RU","version_start":"3.0.0-B20230809.1615","version_start_inclusive":true,"version_end":"3.0.0-B20230809.1615","version_end_inclusive":true,"cpe23_uri":"cve5:totolink:a3002ru:3.0.0-B20230809.1615:3.0.0-B20230809.1615"},{"vendor_slug":"totolink","vendor_name":"totolink","product_slug":"a702r","product_name":"A702R","version_start":"3.0.0-B20230809.1615","version_start_inclusive":true,"version_end":"3.0.0-B20230809.1615","version_end_inclusive":true,"cpe23_uri":"cve5:totolink:a702r:3.0.0-B20230809.1615:3.0.0-B20230809.1615"}],"exploit_refs":[],"news":[],"references":[{"url":"https://vuldb.com/?id.309284","source_type":"MISC","tags":[]},{"url":"https://vuldb.com/?ctiid.309284","source_type":"MISC","tags":[]},{"url":"https://vuldb.com/?submit.574593","source_type":"MISC","tags":[]},{"url":"https://github.com/CH13hh/tmp_store_cc/blob/main/toto/1.md","source_type":"MISC","tags":[]},{"url":"https://www.totolink.net/","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2025-05-17T09:31:06.557000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:47:23.634638Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:47:23.634638Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:47:23.634638Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:47:23.634638Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:47:23.634638Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:47:23.634638Z","label":"CVSS score revised","source":"cvelistv5"}]}