
CVE-2025-45864: n/a

Medium
Published: Tue May 13 2025 (05/13/2025, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolStart parameter in the formDhcpv6s interface.

AI-Powered Analysis

Last updated: 07/06/2025, 15:25:04 UTC

Technical Analysis

CVE-2025-45864 is a medium-severity buffer overflow vulnerability identified in the TOTOLINK A3002R router, specifically version 4.0.0-B20230531.1404. The vulnerability arises from improper handling of the addrPoolStart parameter within the formDhcpv6s interface, which is related to DHCPv6 server functionality. Buffer overflow vulnerabilities occur when a program writes more data to a buffer than it can hold, potentially overwriting adjacent memory. In this case, the overflow could allow an attacker to corrupt memory, leading to potential information disclosure or integrity compromise.

According to the CVSS v3.1 vector (AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N), the attack vector is adjacent network (meaning the attacker must be on the same or a logically adjacent network segment), with low attack complexity, no privileges required, and no user interaction needed. The impact affects confidentiality and integrity but does not affect availability. No known exploits are currently reported in the wild, and no patches have been linked yet.

The vulnerability is categorized under CWE-120, which is a classic buffer overflow issue, often exploitable to execute arbitrary code or cause memory corruption. The vulnerability was published on May 13, 2025, and reserved on April 22, 2025, indicating recent discovery and disclosure.

TOTOLINK A3002R is a consumer and small office/home office (SOHO) router, which may be deployed in various environments including European households and small businesses. The DHCPv6 server interface is critical for IPv6 address allocation, and exploitation could allow an attacker on the local network to manipulate router behavior or extract sensitive information from memory.

Potential Impact

For European organizations, particularly small businesses and home users relying on TOTOLINK A3002R routers, this vulnerability poses a risk of local network attackers gaining unauthorized access to sensitive information or potentially altering router configurations by exploiting the buffer overflow. While the attack requires adjacency, many corporate and residential networks have multiple users and devices on the same subnet, increasing the risk. Compromise of the router could lead to interception or manipulation of network traffic, undermining confidentiality and integrity of communications. In environments where IPv6 is enabled and DHCPv6 is actively used, the risk is more pronounced. Although availability is not directly impacted, the breach of confidentiality and integrity could facilitate further lateral movement or data exfiltration. European organizations with limited network segmentation or those using TOTOLINK devices in branch offices or remote locations are particularly vulnerable. The absence of known exploits in the wild currently reduces immediate risk, but the medium severity and ease of exploitation without privileges or user interaction warrant proactive mitigation.

Mitigation Recommendations

1. Network Segmentation: Isolate TOTOLINK A3002R devices on separate VLANs or subnets to limit adjacency and reduce exposure to untrusted devices.
2. Disable DHCPv6 Server if not required: If IPv6 DHCP services are not needed, disable the DHCPv6 server functionality on the router to eliminate the attack surface.
3. Monitor Network Traffic: Implement monitoring for unusual DHCPv6 traffic patterns or malformed packets targeting the addrPoolStart parameter.
4. Firmware Updates: Although no patch links are currently available, regularly check TOTOLINK's official channels for firmware updates addressing this vulnerability and apply them promptly.
5. Access Controls: Restrict physical and network access to the router's management interfaces to trusted personnel and devices only.
6. Use Alternative Hardware: Consider replacing vulnerable TOTOLINK A3002R routers with devices from vendors with robust security track records and timely patching practices.
7. Incident Response Preparedness: Prepare to detect and respond to potential exploitation attempts by maintaining logs and alerts related to DHCPv6 server activities.
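
To support the monitoring recommendation above, the following added example (not from this advisory or from TOTOLINK) checks captured management requests for addrPoolStart values that are too long to be an IPv6 address or that fail to parse as one. It assumes the formDhcpv6s handler receives addrPoolStart as a URL-encoded form field; the request paths, the `save` field and the bodies are constructed samples.

```python
import ipaddress
from urllib.parse import parse_qs

HANDLER = "formDhcpv6s"      # interface named in the advisory
PARAM = "addrPoolStart"      # parameter named in the advisory
MAX_IPV6_TEXT = 45           # longest textual IPv6 address (INET6_ADDRSTRLEN - 1)

def check_request(path, body):
    """Return a list of findings for one request; an empty list means clean."""
    if HANDLER not in path:
        return []
    # Assumption: the handler takes application/x-www-form-urlencoded fields.
    values = parse_qs(body, keep_blank_values=True).get(PARAM, [])
    findings = []
    if len(values) > 1:
        findings.append("parameter repeated")
    for value in values:
        if len(value) > MAX_IPV6_TEXT:
            findings.append("oversized value (%d chars)" % len(value))
        try:
            ipaddress.IPv6Address(value)
        except ValueError:
            findings.append("not a valid IPv6 address")
    return findings

# Constructed sample requests (path, body); not captured from a real device.
SAMPLES = [
    ("/formDhcpv6s", "addrPoolStart=2001%3Adb8%3A%3A100&save=1"),
    ("/formDhcpv6s", "addrPoolStart=" + "A" * 300 + "&save=1"),
    ("/formDhcpv6s", "addrPoolStart=2001%3Adb8%3A%3A1&addrPoolStart=zz"),
    ("/status", "addrPoolStart=" + "A" * 300),
]

def scan(samples):
    """Map sample index -> findings for every request that raised any."""
    flagged = {}
    for index, (path, body) in enumerate(samples):
        findings = check_request(path, body)
        if findings:
            flagged[index] = findings
    return flagged

if __name__ == "__main__":
    for index, findings in scan(SAMPLES).items():
        print(index, SAMPLES[index][0], findings)
```

The same check can be applied at a reverse proxy or to stored request logs, provided request bodies are available to it.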


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-04-22T00:00:00.000Z
Cisa Enriched: true
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 682cd0fb1484d88663aec9fe

Added to database: 5/20/2025, 6:59:07 PM

Last enriched: 7/6/2025, 3:25:04 PM

Last updated: 7/26/2025, 2:19:15 PM
