CVE-2025-4823

Name of the Vulnerable Software and Affected Versions: TOTOLINK A702R, A3002R and A3002RU version 3.0.0-B20230809.1615

Description: A critical issue affects the submit-url function of the file /boafrm/formReflashClientTbl in the HTTP POST Request Handler component, leading to a buffer overflow. This can be exploited remotely. The exploit has been publicly disclosed and may be used.

Recommendations: For TOTOLINK A702R, A3002R and A3002RU version 3.0.0-B20230809.1615, consider disabling the submit-url function of the /boafrm/formReflashClientTbl file in the HTTP POST Request Handler component as a temporary workaround until a patch is available. Restrict access to the vulnerable component to minimize the risk of exploitation. Avoid using the submit-url function in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.