PT-2025-30736 · Totolink · Totolink A702R
Panda_0X1
·
Published
2025-07-22
·
Updated
2025-07-30
·
CVE-2025-8136
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
TOTOLINK A702R version 4.0.0-B20230721.1521
Description
A critical vulnerability exists in the HTTP POST Request Handler component of TOTOLINK A702R. The vulnerability is due to a buffer overflow triggered by manipulating the
ip6addr argument within a POST request to the /boafrm/formFilter endpoint. This allows for remote exploitation. The exploit has been publicly disclosed.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Totolink A702R