CVE-2025-63464: n/a
Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_42396C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
AI Analysis
Technical Summary
CVE-2025-63464 is a stack overflow vulnerability identified in the Totolink LR350 router firmware version 9.3.5u.6369_B20220309. The vulnerability resides in the sub_42396C function, specifically triggered by the ssid parameter. An attacker can craft a malicious request containing a specially designed ssid value that causes a stack overflow, leading to a Denial of Service (DoS) condition by crashing or destabilizing the device. This vulnerability does not require authentication, meaning an attacker can exploit it remotely without prior access credentials, increasing the attack surface. The lack of a published patch or known exploits in the wild suggests the vulnerability is newly disclosed. The primary impact is on the availability of the affected router, potentially disrupting network connectivity for users relying on the device. The Totolink LR350 is commonly used in small office/home office (SOHO) environments, making it a target for attackers seeking to disrupt business operations or cause network outages. The absence of a CVSS score necessitates an assessment based on the vulnerability's characteristics: it affects availability, is remotely exploitable without authentication, and impacts a widely deployed device model. These factors collectively indicate a high severity level. Organizations should monitor for unusual traffic targeting the ssid parameter and restrict access to router management interfaces until a vendor patch is available.
Potential Impact
The primary impact of CVE-2025-63464 is a Denial of Service condition on Totolink LR350 routers, which can disrupt network availability. For European organizations, especially small and medium enterprises (SMEs) and home offices relying on these routers, exploitation could lead to loss of internet connectivity, interruption of business operations, and potential cascading effects on dependent services. The vulnerability could be leveraged by attackers to cause temporary outages or as part of a larger attack campaign to degrade network infrastructure. Since the exploit does not require authentication, attackers can target exposed devices remotely, increasing the risk of widespread disruption. Critical infrastructure organizations using these routers in non-segmented networks may face operational risks. Additionally, the lack of a patch means organizations must rely on mitigations to reduce exposure, increasing operational overhead. The impact on confidentiality and integrity is minimal, but the availability impact is significant, potentially affecting productivity and service delivery.
Mitigation Recommendations
1. Immediately identify and inventory all Totolink LR350 routers within the network environment.
2. Restrict access to router management interfaces by implementing network segmentation and firewall rules to limit exposure to trusted IP addresses only.
3. Disable remote management features if not required to reduce the attack surface.
4. Monitor network traffic for unusual or malformed requests targeting the ssid parameter or related router services.
5. Implement intrusion detection/prevention systems (IDS/IPS) with custom signatures to detect attempts to exploit the stack overflow.
6. Encourage users to reboot routers periodically to clear potential unstable states caused by attempted exploits.
7. Engage with Totolink support channels to obtain information on forthcoming patches or firmware updates addressing this vulnerability.
8. Consider deploying alternative router hardware or firmware if immediate patching is not feasible and risk is high.
9. Educate IT staff and users about the vulnerability and the importance of applying mitigations promptly.
10. Maintain up-to-date backups of router configurations to facilitate rapid recovery if devices become unresponsive.
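A defender-side filter for recommendations 4 and 5 above, written here as an added example (it is not code from the advisory or from Totolink): it inspects request records for ssid values that are far longer than any legitimate SSID or contain non-printable bytes. The advisory does not name the LR350 endpoint, say whether ssid arrives in the query string or a form body, or give the buffer size, so the endpoint path is a placeholder, both carriers are checked, and the length threshold is an assumed, tunable constant.

```python
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Assumed threshold: IEEE 802.11 caps an SSID at 32 bytes, so a value far
# beyond that has no legitimate use in this parameter; tune per site.
MAX_SSID_LEN = 32

def ssid_values(request_line: str, body: str = "") -> list:
    """Collect every ssid value from the request target's query string and
    from a form-encoded body (the advisory does not say which one the
    LR350 handler reads, so both are inspected)."""
    target = request_line.split(" ")[1] if " " in request_line else request_line
    values = parse_qs(urlsplit(target).query, keep_blank_values=True).get("ssid", [])
    if body:
        values += parse_qs(body, keep_blank_values=True).get("ssid", [])
    return values

def classify(value: str) -> Optional[str]:
    """Return a finding label for a suspicious ssid value, or None if benign."""
    if len(value.encode("utf-8")) > MAX_SSID_LEN:
        return "oversized"
    if any(ord(c) < 0x20 or ord(c) > 0x7E for c in value):
        return "nonprintable"
    return None

def scan(records) -> list:
    """records: iterable of (client_ip, request_line, body) tuples.
    Returns one (client_ip, label, ssid_length) tuple per suspicious value."""
    findings = []
    for client, req, body in records:
        for value in ssid_values(req, body):
            label = classify(value)
            if label:
                findings.append((client, label, len(value)))
    return findings

# Constructed sample records (not captured traffic). The endpoint path is a
# placeholder because the advisory does not name the real LR350 CGI path.
SAMPLE_RECORDS = [
    ("192.0.2.10", "POST /PLACEHOLDER_WIFI_ENDPOINT HTTP/1.1", "ssid=OfficeNet&channel=6"),
    ("192.0.2.11", "GET /PLACEHOLDER_WIFI_ENDPOINT?ssid=%00%01Net HTTP/1.1", ""),
    ("192.0.2.12", "POST /PLACEHOLDER_WIFI_ENDPOINT HTTP/1.1", "ssid=" + "A" * 300),
    ("192.0.2.13", "GET /status HTTP/1.1", ""),
]

if __name__ == "__main__":
    for client, label, length in scan(SAMPLE_RECORDS):
        print(f"ALERT {client}: ssid {label} (length {length})")
```

The same two checks translate directly into an IDS/IPS rule on the management interface: alert on a request to the Wi-Fi configuration handler whose ssid value exceeds the threshold or carries bytes outside the printable ASCII range.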
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-10-27T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 6904e98dae52ebddb37144ba
Added to database: 10/31/2025, 4:53:33 PM
Last enriched: 10/31/2025, 5:09:01 PM
Last updated: 11/1/2025, 1:24:20 PM