CVE-2025-45842

HIGH

Totolink Nr1800x Firmware - Out-of-Bounds Write

Title source: rule

Description

TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyCfg function.

References (3)

Core 3

Core References

Exploit

https://github.com/regainer27/CVE-key/tree/main/bo3

View Exploit ZIP pw:eip

Product

https://www.totolink.net/

Product

https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/225/ids/36.html

Scores

CVSS v3 8.8

EPSS 0.0034

EPSS Percentile 57.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-121 CWE-787

Status published

Products (1)

totolink/nr1800x_firmware 9.1.0u.6681_b20230703

Published May 08, 2025

Tracked Since Feb 18, 2026