CVE-2025-6147

Name of the Vulnerable Software and Affected Versions TOTOLINK A702R version 4.0.0-B20230721.1521

Description A critical vulnerability was found in the TOTOLINK A702R, affecting unknown code of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the submit-url argument leads to a buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations For TOTOLINK A702R version 4.0.0-B20230721.1521, update the firmware to a newer version to mitigate the risk of buffer overflow via the HTTP POST Request Handler. As a temporary workaround, consider restricting access to the /boafrm/formSysLog file and the submit-url argument in the HTTP POST Request Handler until a patch is available.