CVE-2025-6940

Name of the Vulnerable Software and Affected Versions: TOTOLINK A702R version 4.0.0-B20230721.1521

Description: A critical vulnerability affects an unknown functionality of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the submit-url argument leads to a buffer overflow. The attack can be launched remotely.

Recommendations: For TOTOLINK A702R version 4.0.0-B20230721.1521, as a temporary workaround, consider restricting access to the /boafrm/formParentControl file to minimize the risk of exploitation. Avoid using the submit-url argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.