
CVE-2025-63467: n/a

Severity: High
Type: Vulnerability
Published: Fri Oct 31 2025 (10/31/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_425400 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

AI-Powered Analysis

Last updated: 11/08/2025, 02:41:26 UTC

Technical Analysis

CVE-2025-63467 is a stack-based buffer overflow vulnerability identified in the Totolink LR350 router firmware version 9.3.5u.6369_B20220309. The vulnerability resides in the sub_425400 function, which processes the ssid parameter. An attacker can craft a malicious request with an overly long or malformed ssid value that overflows the stack buffer, leading to memory corruption. This corruption causes the router to crash, resulting in a denial of service (DoS) condition. The vulnerability is remotely exploitable without any authentication or user interaction, as the ssid parameter is accessible via network requests. The CVSS v3.1 base score is 7.5, reflecting high severity due to the ease of exploitation (network attack vector, low complexity, no privileges required) and the impact on availability. There is no impact on confidentiality or integrity since the attack only causes a crash. No known exploits have been reported in the wild, and no official patches have been released at the time of publication. The vulnerability is categorized under CWE-121 (Stack-based Buffer Overflow), a common and critical software weakness. Organizations using Totolink LR350 routers should be aware of this vulnerability and prepare to mitigate potential attacks.

Potential Impact

For European organizations, this vulnerability poses a significant risk to network availability, particularly for those deploying Totolink LR350 routers in critical network segments. A successful exploit can cause router crashes, leading to temporary loss of internet connectivity or internal network disruptions. This can impact business operations, especially for small and medium enterprises or branch offices relying on these devices for network access. While the vulnerability does not compromise data confidentiality or integrity, the denial of service can interrupt communications, delay business processes, and potentially affect services dependent on continuous network uptime. Critical infrastructure sectors such as finance, healthcare, and manufacturing could experience operational disruptions if their networks use vulnerable Totolink devices. Additionally, the lack of available patches increases exposure time, necessitating proactive defensive measures. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, as attackers may develop exploits targeting this vulnerability.

Mitigation Recommendations

1. Immediately isolate Totolink LR350 routers from untrusted networks or restrict access to management interfaces to trusted IPs only.
2. Implement network segmentation to limit exposure of vulnerable devices to external or less trusted internal networks.
3. Monitor network traffic for unusual or malformed requests targeting SSID parameters or router management interfaces, using IDS/IPS solutions with custom signatures if possible.
4. Disable remote management features if not required to reduce attack surface.
5. Regularly check for firmware updates from Totolink and apply patches promptly once they become available.
6. Consider replacing vulnerable devices with alternative routers from vendors with more robust security track records if patching is delayed.
7. Maintain up-to-date backups of router configurations to enable rapid recovery after a DoS event.
8. Educate network administrators about this vulnerability and encourage vigilance for signs of exploitation attempts.
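For the monitoring step above, a length check on the ssid field is a workable custom signature, because IEEE 802.11 caps an SSID at 32 octets and any longer value is never legitimate. The following is an added example, not code from this advisory or from Totolink; it assumes the request body is JSON or form-encoded with a field named `ssid`, and the function names and sample bodies are constructed for illustration.

```python
import json
from urllib.parse import parse_qsl

MAX_SSID_OCTETS = 32  # IEEE 802.11 caps an SSID at 32 octets


def extract_ssid_values(body: bytes) -> list:
    """Collect raw byte values of every 'ssid' parameter in a JSON or form body."""
    text = body.decode("latin-1")  # one char per byte, so lengths stay in octets
    try:
        doc = json.loads(text)
    except ValueError:
        doc = None
    found = []
    if isinstance(doc, (dict, list)):
        stack = [doc]
        while stack:  # walk nested objects and arrays
            node = stack.pop()
            items = node.items() if isinstance(node, dict) else enumerate(node)
            for key, value in items:
                if isinstance(value, (dict, list)):
                    stack.append(value)
                elif isinstance(key, str) and key.lower() == "ssid" and isinstance(value, str):
                    found.append(value.encode("latin-1", "replace"))
    else:  # not JSON: treat as application/x-www-form-urlencoded
        for key, value in parse_qsl(text, keep_blank_values=True, encoding="latin-1"):
            if key.lower() == "ssid":
                found.append(value.encode("latin-1"))
    return found


def oversized_ssids(body: bytes) -> list:
    """Return the octet length of each ssid value longer than a valid SSID."""
    return [len(v) for v in extract_ssid_values(body) if len(v) > MAX_SSID_OCTETS]


# Constructed sample request bodies; the parameter layout is an assumption.
SAMPLES = [
    b'{"action":"set_wifi","ssid":"Office-5G"}',
    b"ssid=Guest%20WiFi&channel=6",
    b'{"action":"set_wifi","wifi":{"ssid":"' + b"A" * 300 + b'"}}',
    b"ssid=" + b"%41" * 40 + b"&channel=6",
    b"ssid=" + b"B" * 32,  # exactly at the limit: valid
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(oversized_ssids(sample), sample[:40])
```

The same threshold can be carried into an IDS/IPS rule or a reverse-proxy filter placed in front of the management interface.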


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-10-27T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 6904d7cadadb00d130fc157c

Added to database: 10/31/2025, 3:37:46 PM

Last enriched: 11/8/2025, 2:41:26 AM

Last updated: 12/12/2025, 9:59:24 PM
