CVE-2025-6164 – TOTOLINK A3002R HTTP POST Request Handler Buffer Overflow Vulnerability

June 17, 2025

CVE ID : CVE-2025-6164

Published : June 17, 2025, 6:15 a.m. | 2 hours, 44 minutes ago

Description : A vulnerability was found in TOTOLINK A3002R 4.0.0-B20230531.1404. It has been classified as critical. This affects an unknown part of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6165 – TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability

Next Article CVE-2025-5209 – Ivory Search WordPress XSS Vulnerability

Highlights

CVE-2025-49824 – Conda-Smithy Oracle Padding Attack

June 17, 2025

CVE ID : CVE-2025-49824

Published : June 17, 2025, 9:15 p.m. | 1 hour, 16 minutes ago

Description : conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_encrypt_binstar_token implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attack. This vulnerability results from the use of an outdated and insecure padding scheme during RSA encryption. A malicious actor with access to an oracle system can exploit this flaw by iteratively submitting modified ciphertexts and analyzing responses to infer the plaintext without possessing the private key. This issue has been patched in version 3.47.1.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: Functionally, a Date

Creating Elastic And Bounce Effects With Expressive Animator

Microsoft shares Insiders preview of Visual Studio 2026

From Data To Decisions: UX Strategies For Real-Time Dashboards

DistroWatch Weekly, Issue 1139

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Can I use React Server Components (RSCs) today?

Can I use React Server Components (RSCs) today?

Perficient Named among Notable Providers in Forrester’s Q3 2025 Commerce Services Landscape

Sarah McDowell Helps Clients Build a Strong AI Foundation Through Salesforce

I Ran Local LLMs on My Android Phone

I Ran Local LLMs on My Android Phone

DistroWatch Weekly, Issue 1139

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

CVE-2025-6164 – TOTOLINK A3002R HTTP POST Request Handler Buffer Overflow Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

How to Build Your First Website in 10 Minutes (No Coding Required)

Easy Ways to Check Python Version in Windows CMD

Host concurrent LLMs with LoRAX

CVE-2025-20216 – Cisco Catalyst SD-WAN Manager Cross-Site Scripting (XSS)

CVE-2025-49824 – Conda-Smithy Oracle Padding Attack

Banana Pi BPI-F3 Single Board Computer Running Linux: Introduction

Kali Linux 2019.4 Upgrading and fixing errors | Using both GNOME and xfce

CISA Catalog Update-June 25, 2025

CVE-2025-6164 – TOTOLINK A3002R HTTP POST Request Handler Buffer Overflow Vulnerability

Related Posts