CVE-2025-63463 is a stack overflow vulnerability identified in the Totolink LR350 router firmware version 9.3.5u.6369_B20220309. The vulnerability arises from improper handling of the wifiOff parameter within the sub_4232EC function, which leads to a stack-based buffer overflow condition. This flaw can be triggered remotely by an attacker sending a specially crafted request to the device, without requiring any authentication or user interaction. Exploitation results in a denial of service (DoS) condition, causing the router to crash or reboot, thereby disrupting network availability. The vulnerability is classified under CWE-121 (Stack-based Buffer Overflow), which is a common and critical software weakness that can lead to system instability. Although no exploits have been publicly observed in the wild, the vulnerability's characteristics—remote, unauthenticated, no user interaction—make it a significant risk. The CVSS v3.1 base score is 7.5, reflecting high severity due to the ease of exploitation and the impact on availability. No patches or firmware updates have been linked yet, so affected users must apply interim mitigations. The Totolink LR350 is a widely used consumer and small business router, which increases the potential attack surface. This vulnerability could be leveraged by attackers to disrupt network operations, particularly in environments relying on these devices for connectivity.

For European organizations, this vulnerability poses a significant risk to network availability. A successful exploit would cause affected Totolink LR350 routers to crash or reboot, leading to temporary loss of internet connectivity and potential disruption of business operations. Critical services dependent on continuous network access, such as VoIP, cloud applications, and remote work infrastructure, could be interrupted. Since the attack requires no authentication or user interaction, attackers can easily target exposed devices remotely, increasing the likelihood of automated scanning and exploitation attempts. The impact is particularly severe for small and medium enterprises (SMEs) and home office setups that often use consumer-grade routers like the Totolink LR350 without advanced network segmentation or monitoring. Additionally, sectors such as healthcare, finance, and public administration that rely on stable network infrastructure could experience operational degradation. Although confidentiality and integrity are not directly affected, the denial of service could serve as a vector for broader disruption or as a diversion for other attacks.

1. Immediately restrict remote management interfaces of Totolink LR350 routers to trusted internal networks only, disabling WAN-side access where possible. 2. Monitor network traffic for unusual or malformed requests targeting the wifiOff parameter or related router management endpoints. 3. Segment networks to isolate affected routers from critical infrastructure and sensitive data systems to limit the blast radius of potential DoS attacks. 4. Regularly check for firmware updates from Totolink and apply patches promptly once available. 5. Implement network-level protections such as intrusion detection/prevention systems (IDS/IPS) that can detect and block exploit attempts targeting this vulnerability. 6. Educate IT staff and users about the risk and encourage reporting of unexpected router reboots or connectivity issues. 7. Consider deploying redundant network paths or failover mechanisms to maintain connectivity during router outages. 8. For organizations with large deployments, conduct vulnerability scans to identify affected devices and prioritize remediation efforts. 9. If possible, replace affected devices with models from vendors with a stronger security track record or with active support for timely patching.