A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argume…

A critical buffer overflow vulnerability has been discovered in Totolink N300RT firmware version 3.4.0-B20250430. The flaw exists in an unknown function within the /boafrm/formIpQoS file, where manipulation of the entry_name parameter can trigger a buffer overflow condition. This vulnerability can be exploited remotely by attackers without requiring authentication or user interaction. The exploit code has been publicly released and is available for use, significantly increasing the risk of active exploitation. The vulnerability affects the Quality of Service (QoS) configuration functionality of the router, potentially allowing attackers to execute arbitrary code or cause denial of service conditions.