A critical buffer overflow vulnerability in TOTOLINK N302R Plus firmware allows authenticated attackers to execute arbitrary code or compromise the device.

This is a buffer overflow vulnerability located in the /boafrm/formPortFw endpoint. The service_type parameter lacks sufficient bounds checking, allowing authenticated attackers to trigger memory corruption.

The CVSS score of 8.8 reflects the high risk of total device compromise. Successful exploitation could allow an attacker to take full control of the router, leading to unauthorized network access, interception of traffic, and potential lateral movement into the internal network environment.

Immediate Action: Verify if your device is running firmware version 3.4.0-B20201028 or earlier and consult the TOTOLINK support portal for available security updates.

Proactive Monitoring: Monitor network traffic logs for anomalous HTTP POST requests directed at the /boafrm/formPortFw endpoint.

Compensating Controls: Restrict administrative access to the router’s management interface to trusted internal IP addresses only.

Public Exploit Available: True

Due to the high CVSS score and the existence of public exploit code, this vulnerability poses a severe threat to network integrity. Administrators are urged to prioritize firmware updates and isolate vulnerable devices from the public internet until patches are applied.