CVE Alert: CVE-2025-9779 – TOTOLINK – A702R

CVE-2025-9779

HIGH | No exploitation known

A vulnerability was detected in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this vulnerability is the function sub_4162DC of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used.

CVSS v3.1 (8.8)

  • Vendor: TOTOLINK
  • Product: A702R
  • Versions: 4.0.0-B20211108.1423
  • CWE: CWE-120, Buffer Overflow
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
  • Published: 2025-09-01T12:32:09.168Z
  • Updated: 2025-09-01T12:32:09.168Z

AI Summary Analysis

Risk verdict

Critical risk with a public exploit; remote code execution is feasible and the vulnerability should be treated as priority 1.

Why this matters

Public availability of the exploit means active attempts are likely targeting affected devices in the wild. High impact across confidentiality, integrity and availability could allow full device takeover, traffic manipulation and potential pivot to adjacent network assets.

Most likely attack path

An attacker can remotely trigger a buffer overflow in formFilter via the ip6addr parameter without user interaction, gaining code execution on the device (AV:N, AC:L, PR:L, UI:N, S:U, C:H, I:H, A:H). Exploitation requires low privileges (PR:L) and could crash or compromise the device, enabling subsequent control of management interfaces or LAN traffic. Lateral movement is plausible to other devices on the same network or to exposed services if the router functions as a gateway.

Who is most exposed

Commonly deployed in consumer and small business networks with internet-facing management or weakly protected WAN access. Environments with remote admin enabled or devices exposed directly to the internet are especially at risk.

Detection ideas

  • Unusual or crafted long ip6addr inputs targeting /boafrm/formFilter.
  • Repeated attempts or crashes in router/web admin logs around formFilter handling.
  • Unexpected reboot/crash events following specific HTTP requests.
  • Indicators in network firewall/WAF showing PoC-like payloads.
  • Signature matches from IOCs indicating this CVE formFilter activity.
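The first detection idea, sketched as an added example (not code from the advisory or the vendor): flag requests to /boafrm/formFilter whose ip6addr value is longer than any textual IPv6 address or does not parse as one. The record layout, the sample requests, and the assumption that the argument arrives in the query string or a URL-encoded body are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qsl

TARGET_PATH = "/boafrm/formFilter"  # endpoint named in the advisory
PARAM = "ip6addr"                   # argument named in the advisory
MAX_IPV6_TEXT = 45                  # longest textual IPv6 form (INET6_ADDRSTRLEN - 1)


def check_request(url, body=""):
    """Return the reasons a request looks suspicious (empty list if clean)."""
    parts = urlsplit(url)
    if parts.path != TARGET_PATH:
        return []
    reasons = []
    # Assumption: the argument is sent in the query string or a form body.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    for name, value in pairs:
        if name != PARAM or value == "":
            continue  # other fields, or the field left blank
        if len(value) > MAX_IPV6_TEXT:
            reasons.append(f"{PARAM} length {len(value)} exceeds {MAX_IPV6_TEXT}")
        try:
            ipaddress.IPv6Address(value)
        except ValueError:
            reasons.append(f"{PARAM} is not a valid IPv6 address")
    return reasons


def scan(records):
    """records: iterable of (source_ip, url, body); returns flagged (source_ip, reasons)."""
    flagged = []
    for src, url, body in records:
        reasons = check_request(url, body)
        if reasons:
            flagged.append((src, reasons))
    return flagged


# Constructed sample requests (documentation address ranges, filler values only).
SAMPLE = [
    ("192.0.2.10", "/boafrm/formFilter", "ip6addr=2001:db8::1&submit=1"),
    ("192.0.2.66", "/boafrm/formFilter", "ip6addr=" + "A" * 300),
    ("192.0.2.67", "/boafrm/formFilter?ip6addr=not-an-address", ""),
    ("192.0.2.10", "/index.html", "ip6addr=" + "A" * 300),
]

if __name__ == "__main__":
    for src, reasons in scan(SAMPLE):
        print(src, "; ".join(reasons))
```

The same length and syntax test can be expressed as a WAF or reverse-proxy rule in front of the admin interface where request bodies are inspectable.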

Mitigation and prioritisation

  • Apply the vendor patch/firmware update as soon as available.
  • If no patch yet, disable or tightly restrict remote management (WAN access to admin interface).
  • Enforce network segmentation; place routers behind a hardened firewall or IDS/IPS rules for formFilter patterns.
  • Monitor for exploitation attempts and validate device integrity after exposure.
  • Change-management: coordinate with TOTOLINK for a confirmed fix; treat as priority 1 due to KEV/public exploit and high-severity CVSS scores.
