CVE-2025-63463 is a stack overflow vulnerability identified in the Totolink LR350 wireless router firmware version 9.3.5u.6369_B20220309. The vulnerability arises from improper handling of the wifiOff parameter within a function labeled sub_4232EC, which likely processes configuration or control requests related to wireless functionality. By crafting a specially malformed request targeting this parameter, an attacker can cause a stack overflow, leading to a denial of service condition. This DoS manifests as a crash or reboot of the device, disrupting network connectivity for users relying on the affected router. The vulnerability does not require authentication or user interaction, making it easier for remote attackers to exploit if the device is exposed to untrusted networks. No public exploits or patches are currently available, and the CVSS score has not been assigned yet. The vulnerability primarily impacts the availability of the device, with no direct indication of confidentiality or integrity compromise. The Totolink LR350 is a consumer and small business router, often deployed in home and small office environments, but may also be present in some enterprise edge networks. The stack overflow suggests a coding error in input validation or buffer management, a common source of memory corruption vulnerabilities. Without a patch, affected devices remain vulnerable to remote DoS attacks, which could be leveraged as part of larger network disruption campaigns or to facilitate lateral movement by attackers.

For European organizations, exploitation of CVE-2025-63463 could result in denial of service of critical network infrastructure components, specifically wireless routers used for internet access or internal connectivity. This disruption can lead to loss of productivity, interruption of business operations, and potential cascading effects on dependent systems. Small and medium enterprises (SMEs) and home offices relying on Totolink LR350 devices are particularly vulnerable due to limited IT resources and slower patch deployment cycles. Critical sectors such as healthcare, finance, and manufacturing could experience operational impacts if these routers are part of their network perimeter or internal segmentation. Additionally, the DoS could be exploited as a distraction or precursor to more sophisticated attacks. The lack of authentication requirement increases the risk of remote exploitation, especially if devices are accessible from the internet or poorly segmented networks. The absence of a patch or mitigation guidance from the vendor exacerbates the threat, necessitating proactive defensive measures by organizations.

1. Immediately identify and inventory all Totolink LR350 devices running firmware version 9.3.5u.6369_B20220309 within the network. 2. Monitor network traffic for unusual or malformed requests targeting the wifiOff parameter or related wireless configuration endpoints. 3. Implement network segmentation to isolate vulnerable devices from critical infrastructure and limit exposure to untrusted networks. 4. Restrict remote management access to the affected routers, preferably disabling remote administration or limiting it to trusted IP addresses via firewall rules. 5. Employ intrusion detection/prevention systems (IDS/IPS) with custom signatures to detect attempts to exploit this stack overflow. 6. Engage with Totolink support channels to obtain firmware updates or patches addressing this vulnerability as soon as they become available. 7. Consider temporary replacement or upgrade of vulnerable devices if patching is delayed. 8. Educate IT staff on the vulnerability to ensure rapid response to any signs of exploitation. 9. Maintain regular backups of router configurations to facilitate quick recovery after a DoS event. 10. Review and harden wireless network security policies to reduce attack surface.