CVE-2025-45862: n/a
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the interfacenameds parameter in the formDhcpv6s interface.
AI Analysis
Technical Summary
CVE-2025-45862 is a medium severity buffer overflow vulnerability identified in the TOTOLINK A3002R router firmware version 4.0.0-B20230531.1404. The vulnerability arises from improper handling of the 'interfacenameds' parameter within the DHCPv6 interface functionality. Specifically, the buffer overflow occurs when processing this parameter, which can lead to memory corruption. The vulnerability is classified under CWE-121, indicating a classic stack-based buffer overflow scenario. According to the CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N), the flaw can be exploited remotely over the network without requiring any privileges or user interaction. Successful exploitation could allow an attacker to cause partial compromise of confidentiality and integrity by potentially executing arbitrary code or manipulating router configurations, though availability impact is not indicated. No known public exploits or patches have been reported as of the publication date, which suggests that the vulnerability might not yet be actively exploited in the wild but remains a significant risk due to its remote and unauthenticated attack vector. The TOTOLINK A3002R is a consumer and small office/home office (SOHO) router, and the vulnerability targets the DHCPv6 service, which is responsible for IPv6 address assignment and network configuration, making it critical in environments utilizing IPv6 networking.
Potential Impact
For European organizations, this vulnerability poses a moderate risk primarily to those deploying TOTOLINK A3002R routers, especially in environments where IPv6 is enabled and DHCPv6 services are active. Exploitation could lead to unauthorized access or manipulation of network configurations, potentially allowing attackers to intercept or redirect traffic, degrade network security, or establish persistent footholds within internal networks. Given the increasing adoption of IPv6 in Europe, the exposure surface is growing. Small and medium enterprises (SMEs) and home office setups using this router model could be particularly vulnerable, as these environments often lack rigorous network security controls. While the impact on large enterprises may be limited unless this specific hardware is in use, the compromise of edge devices like routers can serve as a pivot point for broader network intrusions. Confidentiality and integrity impacts could affect sensitive data traversing the network, while availability is less likely to be directly impacted. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits following public disclosure.
Mitigation Recommendations
1. Immediate mitigation should involve disabling the DHCPv6 service on TOTOLINK A3002R routers if IPv6 is not required, thereby eliminating the attack surface related to the vulnerable parameter.
2. Network administrators should monitor network traffic for unusual DHCPv6 requests or malformed packets targeting the 'interfacenameds' parameter to detect potential exploitation attempts.
3. Segmentation of network devices and limiting remote access to router management interfaces can reduce exposure.
4. Since no patches are currently available, organizations should consider replacing or upgrading affected devices with models from vendors that provide timely security updates.
5. Implement strict firewall rules to restrict inbound traffic to router management ports and DHCPv6 services from untrusted networks.
6. Maintain up-to-date inventories of network hardware to identify and prioritize vulnerable devices for remediation.
7. Engage with TOTOLINK support channels to obtain information on forthcoming patches or firmware updates addressing this vulnerability.
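Recommendation 2 asks for monitoring of requests aimed at the 'interfacenameds' parameter. The following Python script is an added illustration of one way to do that; it is not part of this advisory and not TOTOLINK code. It reads HTTP form submissions exported by a proxy or IDS and flags any request to the formDhcpv6s form named in the description whose interfacenameds value is longer than a plausible interface name. The one-line export format, the /boafrm/ path prefix, the dhcpv6Enable field, the 15-byte threshold (IFNAMSIZ minus the terminator on Linux-based firmware) and the sample log lines are all constructed assumptions for this example.

```python
import re
from typing import Optional
from urllib.parse import parse_qs

FORM_NAME = "formDhcpv6s"        # vulnerable form named in the advisory
PARAM_NAME = "interfacenameds"   # vulnerable parameter named in the advisory

# Assumption: a genuine interface name fits in IFNAMSIZ-1 = 15 bytes on
# Linux-based firmware; a value much longer than that has no legitimate use.
MAX_IFNAME_LEN = 15

# Assumed export format, one submission per line (constructed for this example):
# <timestamp> src=<ip> method=<verb> path=<url path> body="<form body>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) src=(?P<src>\S+) method=(?P<method>\S+) '
    r'path=(?P<path>\S+) body="(?P<body>.*)"$'
)


def check_submission(path: str, body: str) -> Optional[dict]:
    """Return an alert dict when a formDhcpv6s submission carries an
    interfacenameds value longer than MAX_IFNAME_LEN, otherwise None."""
    if FORM_NAME not in path:
        return None
    fields = parse_qs(body, keep_blank_values=True)
    for value in fields.get(PARAM_NAME, []):
        if len(value) > MAX_IFNAME_LEN:
            return {
                "path": path,
                "param": PARAM_NAME,
                "length": len(value),
                "reason": f"{PARAM_NAME} exceeds {MAX_IFNAME_LEN} bytes",
            }
    return None


def scan_log(lines) -> list:
    """Parse exported submissions and collect alerts; lines that do not match
    the export format are skipped rather than raising."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line.rstrip("\n"))
        if not m:
            continue
        alert = check_submission(m["path"], m["body"])
        if alert:
            alert["ts"] = m["ts"]
            alert["src"] = m["src"]
            alerts.append(alert)
    return alerts


# Constructed sample: a benign DHCPv6 form save, an unrelated form that also
# carries the parameter, and an oversized value of the kind the advisory describes.
SAMPLE_LOG = [
    '2025-05-20T18:59:03Z src=192.0.2.10 method=POST path=/boafrm/formDhcpv6s '
    'body="interfacenameds=eth0&dhcpv6Enable=1"',
    '2025-05-20T18:59:10Z src=192.0.2.10 method=POST path=/boafrm/formSysLog '
    'body="interfacenameds=eth0"',
    '2025-05-20T19:02:41Z src=203.0.113.7 method=POST path=/boafrm/formDhcpv6s '
    'body="interfacenameds=' + "A" * 512 + '&dhcpv6Enable=1"',
]

if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(f"{a['ts']} {a['src']} -> {a['path']}: {a['reason']} (len={a['length']})")
```

The check keys on the form name rather than the full path so that it still matches if the firmware serves the form under a different prefix; tune MAX_IFNAME_LEN to the longest interface name actually used on the device before deploying it against live exports.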
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-04-22T00:00:00.000Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682cd0f71484d88663aeaca6
Added to database: 5/20/2025, 6:59:03 PM
Last enriched: 7/11/2025, 12:48:41 PM
Last updated: 11/22/2025, 7:33:22 PM