CVE-2025-6401
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-06-21

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. It has been classified as problematic. This affects an unknown part of the file /boafrm/formFilter of the component HTTP POST Message Handler. The manipulation of the argument url leads to denial of service. The exploit has been disclosed to the public and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-21
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2025-06-21
EPSS Evaluated
2026-05-05
NVD
CVE-2025-6401
EUVD
EUVD-2025-18807
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
totolink n300rh_firmware 6.1c.1390_b20191101
totolink n300rh *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-404 The product does not release or incorrectly releases a resource before it is made available for re-use.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-6401 is a vulnerability in the TOTOLINK N300RH router firmware version 6.1c.1390_B20191101. It occurs due to improper handling of HTTP POST requests to the /boafrm/formFilter path, specifically when manipulating the "url" argument. This leads to a stack-based buffer overflow or improper resource release, causing the device to crash or become unavailable, resulting in a denial of service (DoS). [1, 2]


How can this vulnerability impact me? :

This vulnerability can cause a denial of service (DoS) on the affected TOTOLINK N300RH router, making the device unavailable or unresponsive. This disrupts network connectivity and services relying on the router. Since the exploit is publicly available and partially remotely exploitable without authentication, attackers can trigger this DoS condition, potentially impacting network availability and operations. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for HTTP POST requests to the path /boafrm/formFilter with manipulated or unusually large 'url' arguments that may trigger the buffer overflow. A practical detection method is to capture and analyze HTTP POST traffic targeting /boafrm/formFilter on the TOTOLINK N300RH router. For example, using tcpdump or tshark to filter such traffic: `tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/boafrm/formFilter'`. Alternatively, using curl to test the endpoint with crafted POST data can help verify if the device is vulnerable. However, no specific detection commands are provided in the resources. [1, 2]


What immediate steps should I take to mitigate this vulnerability?

No known countermeasures or mitigations have been identified for this vulnerability. Immediate steps include monitoring for exploit attempts and considering replacing the affected TOTOLINK N300RH device with an alternative product to avoid exposure. Network administrators should also restrict access to the device's management interface and monitor for suspicious HTTP POST requests to /boafrm/formFilter. [2]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart