CVE-2025-63466 identifies a stack-based buffer overflow vulnerability in the Totolink LR350 router firmware version 9.3.5u.6369_B20220309. The vulnerability is located in the sub_426EF8 function, specifically in the handling of the password parameter. Improper input validation or bounds checking allows an attacker to overflow the stack by sending a specially crafted request containing an overly long or malformed password value. This overflow can overwrite control data on the stack, leading to a denial of service (DoS) condition by crashing the device or causing it to reboot unexpectedly. The vulnerability does not impact confidentiality or integrity but severely affects availability. The CVSS v3.1 base score is 7.5, reflecting high severity due to network attack vector, low attack complexity, no privileges required, no user interaction, and universal scope. No patches or exploit code are currently publicly available, but the flaw is reserved and published in the CVE database, indicating recognition by the security community. The vulnerability is classified under CWE-121 (Stack-based Buffer Overflow), a common and well-understood software weakness. Attackers can exploit this remotely without authentication, making it a critical concern for exposed devices.

For European organizations, exploitation of this vulnerability could lead to denial of service on affected Totolink LR350 routers, disrupting network connectivity and potentially impacting business operations reliant on these devices. Critical infrastructure, small and medium enterprises, and home office environments using these routers could experience outages or degraded service. The lack of confidentiality or integrity impact limits data breach risks, but availability loss can affect productivity and operational continuity. Given the ease of exploitation and no authentication requirement, attackers could launch DoS attacks from anywhere on the internet if the device management interface is exposed. This could also be leveraged as part of a larger attack chain or to cause targeted disruption in sectors such as telecommunications, manufacturing, or public services. The absence of known exploits reduces immediate risk but does not eliminate it, as proof-of-concept or weaponized exploits may emerge.

Organizations should immediately inventory their network devices to identify any Totolink LR350 routers running the vulnerable firmware version 9.3.5u.6369_B20220309. Until a vendor patch is released, restrict access to router management interfaces by implementing network segmentation and firewall rules that limit access to trusted IP addresses only. Disable remote management features if not required. Monitor network traffic for unusual or malformed requests targeting the password parameter or the sub_426EF8 function. Establish incident response procedures to quickly reboot or isolate affected devices if a DoS condition is detected. Engage with Totolink support channels to obtain firmware updates or security advisories. Consider deploying intrusion detection/prevention systems (IDS/IPS) with signatures for anomalous traffic patterns related to this vulnerability once available. Regularly update device firmware and maintain an asset management program to reduce exposure to known vulnerabilities.