PT-2025-30739 · Totolink · Totolink A702R
Panda_0X1
·
Published
2025-07-22
·
Updated
2025-07-30
·
CVE-2025-8138
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
TOTOLINK A702R version 4.0.0-B20230721.1521
Description
A critical vulnerability exists in the TOTOLINK A702R. The issue is a buffer overflow within the HTTP POST Request Handler, specifically affecting the file
/boafrm/formOneKeyAccessButton. Manipulation of the submit-url argument can trigger the overflow, allowing for remote attacks. The exploit has been publicly disclosed.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Totolink A702R