
CVE-2025-45865: n/a

Critical
Published: Tue May 13 2025 (05/13/2025, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the dnsaddr parameter in the formDhcpv6s interface.

AI-Powered Analysis

Last updated: 07/06/2025, 16:42:51 UTC

Technical Analysis

CVE-2025-45865 is a critical buffer overflow vulnerability identified in the TOTOLINK A3002R router, specifically version 4.0.0-B20230531.1404. The vulnerability arises from improper handling of the 'dnsaddr' parameter within the formDhcpv6s interface. Buffer overflow vulnerabilities occur when input data exceeds the allocated buffer size, leading to memory corruption. In this case, an attacker can craft a malicious request targeting the dnsaddr parameter to overflow the buffer, potentially overwriting adjacent memory. This can result in arbitrary code execution, denial of service, or system crashes. The vulnerability is classified under CWE-120, which pertains to classic buffer overflow issues.

The CVSS 3.1 base score of 9.8 indicates a critical severity level, reflecting the high impact on confidentiality, integrity, and availability, combined with the ease of exploitation. The attack vector is network-based (AV:N), requiring no privileges (PR:N) or user interaction (UI:N), making it highly exploitable remotely. The scope is unchanged (S:U), meaning the impact is confined to the vulnerable component but with complete compromise potential.

No known exploits are reported in the wild yet, but the vulnerability's nature and severity suggest it could be targeted soon. TOTOLINK A3002R is a consumer-grade router, and the vulnerability in its DHCPv6 interface implies that attackers can exploit it remotely over the network, especially in environments where IPv6 is enabled. The lack of available patches at the time of publication increases the urgency for mitigation.
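The CWE-120 pattern described above, shown next to a bounded replacement. This is an added illustration, not TOTOLINK firmware code: the function names, the 64-byte buffer and the assumption that dnsaddr carries a single IPv6 address literal are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

#define DNSADDR_BUF 64 /* assumed size of the fixed destination buffer */

/* CWE-120 shape: the copy length is set by the request value, not by dst.
 * Shown for contrast only; never call it with untrusted input. */
void store_dnsaddr_unsafe(char *dst, const char *val)
{
    strcpy(dst, val);
}

/* Bounded form: returns 0 and fills dst, or -1 if the value is rejected. */
int store_dnsaddr(char *dst, size_t dst_len, const char *val)
{
    struct in6_addr parsed;
    const char *end;
    size_t n;

    if (dst == NULL || dst_len == 0 || val == NULL)
        return -1;
    /* Look for the terminator within the longest legal IPv6 text form. */
    end = memchr(val, '\0', INET6_ADDRSTRLEN);
    if (end == NULL || end == val)
        return -1;                      /* too long, or empty */
    n = (size_t)(end - val);
    if (n >= dst_len)
        return -1;                      /* would not fit with its NUL */
    if (inet_pton(AF_INET6, val, &parsed) != 1)
        return -1;                      /* not an IPv6 address literal */
    memcpy(dst, val, n + 1);
    return 0;
}

int main(void)
{
    char buf[DNSADDR_BUF];
    char big[300];                      /* constructed oversized value */

    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("valid:    %d\n", store_dnsaddr(buf, sizeof buf, "2001:db8::53"));
    printf("oversize: %d\n", store_dnsaddr(buf, sizeof buf, big));
    printf("garbage:  %d\n", store_dnsaddr(buf, sizeof buf, "not-an-address"));
    return 0;
}
```

Rejecting the value before the copy, rather than truncating it, also leaves a clean point at which to log the malformed request.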

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially for enterprises and service providers using TOTOLINK A3002R routers or similar devices in their network infrastructure. Successful exploitation could lead to full compromise of the affected router, allowing attackers to intercept, manipulate, or redirect network traffic, potentially leading to data breaches, espionage, or disruption of services. Given the critical nature of the vulnerability and the router's role as a network gateway, the confidentiality, integrity, and availability of internal networks and connected devices could be severely impacted. This is particularly concerning for sectors with stringent data protection requirements such as finance, healthcare, and government institutions within Europe. Additionally, the vulnerability could be leveraged as a pivot point for lateral movement within corporate networks or as a launchpad for broader attacks. The absence of authentication or user interaction requirements makes it easier for remote attackers to exploit this flaw, increasing the threat surface. Organizations relying on IPv6 connectivity are especially vulnerable, as the flaw resides in the DHCPv6 interface.

Mitigation Recommendations

Immediate mitigation steps include isolating affected TOTOLINK A3002R routers from untrusted networks and disabling IPv6 services if not required, thereby reducing the attack surface. Network administrators should implement strict access controls and firewall rules to limit inbound traffic to router management interfaces, especially from external sources. Monitoring network traffic for unusual DHCPv6 requests or anomalies related to the dnsaddr parameter can help in early detection of exploitation attempts.

Organizations should engage with TOTOLINK or authorized vendors to obtain security advisories and patches as soon as they become available. In the interim, replacing vulnerable devices with alternative hardware that has a robust security posture is advisable for critical environments. Additionally, conducting regular firmware audits and ensuring routers run the latest firmware versions can prevent exploitation of similar vulnerabilities. Employing network segmentation to isolate critical systems from potentially compromised network segments further limits potential damage. Finally, organizations should prepare incident response plans tailored to router compromise scenarios to ensure rapid containment and recovery.


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-04-22T00:00:00.000Z
Cisa Enriched: true
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 682cd0fc1484d88663aecb1d

Added to database: 5/20/2025, 6:59:08 PM

Last enriched: 7/6/2025, 4:42:51 PM

Last updated: 8/7/2025, 7:59:02 AM
