CVE Alert: CVE-2025-9781 - TOTOLINK - A702R

CVE-2025-9781

HIGHNo exploitation known

A vulnerability has been found in TOTOLINK A702R 4.0.0-B20211108.1423. This affects the function sub_4162DC of the file /boafrm/formFilter. Such manipulation of the argument ip6addr leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS v3.1 (8.8)

Vendor

TOTOLINK

Product

A702R

Versions

4.0.0-B20211108.1423

CWE

CWE-120, Buffer Overflow

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

Published

2025-09-01T13:32:09.164Z

Updated

2025-09-01T13:32:09.164Z

References

https://vuldb.com/?id.322083

https://vuldb.com/?ctiid.322083

https://vuldb.com/?submit.640989

https://github.com/rew1X/CVE/blob/main/TOTOLINK/A702R/formFilter/formFilter.md

https://github.com/rew1X/CVE/blob/main/TOTOLINK/A702R/formFilter/formFilter.md#poc

https://www.totolink.net/

AI Summary Analysis

Risk verdict

High risk: remote code execution on TOTOLINK A702R via a buffer overflow with a publicly disclosed exploit; ensure devices exposed to the network are patched promptly.

Why this matters

The flaw allows unauthenticated network access to trigger memory corruption, potentially yielding control of the device. In environments where routers form the perimeter or internal segmentation relies on these devices, attacker footholds could enable monitoring, traffic manipulation, or pivot into connected hosts.

Most likely attack path

An attacker can reach the vulnerable formFilter routine over the network (AV:N, UI:N), exploiting the crafted ip6addr input to cause overflow (C:H/I:H/A:H). Exploitation runs with low-priority privileges but can compromise the appliance itself, providing high-impact control of routing and data paths. Scope remains unchanged, so the attacker may abuse the device without requiring a full trust boundary break, facilitating rapid impact within the targeted network.

Who is most exposed

Consumer and SMB deployments of TOTOLINK A702R, especially where the device is internet-facing or remote management is enabled, are at greatest risk. Networks relying on this model as the primary router or gateway are prime targets.

Detection ideas

Unexpected device reboots or memory corruption crashes in logs.
Anomalous traffic patterns targeting the management interface or formFilter endpoints.
IDS/IPS signatures for known payloads or IP6addr-like crafting attempts.
Unusual CPU/memory spikes on the device.

Mitigation and prioritisation

Apply the vendor patch (update to 4.0.0-B20211108.1423 or newer) immediately.
Disable remote management or restrict access to trusted networks; implement tight ACLs and firewall rules.
Segment and isolate the router management plane from user traffic; consider temporary compensating controls (WAF, reverse proxy) if patching cannot be applied promptly.
Plan a change window for deployment and verification in staging before production rollout.
If KEV true or EPSS ≥ 0.5 (not provided here), treat as priority 1; otherwise categorise as high priority given CVSS severity.

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee

Patreon

To keep up to date follow us on the below channels.

Tags: a702r, CVE, cve-2025-9781, OSINT, threatintel, totolink