CVE-2025-8140
BaseFortify
Publication date: 2025-07-25
Last updated on: 2025-07-28
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| totolink | a702r_firmware | 4.0.0-b20230721.1521 |
| totolink | a702r | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a critical buffer overflow in the TOTOLINK A702R router (version 4.0.0-B20230721.1521). It occurs in the HTTP POST request handler at the endpoint /boafrm/formWlanMultipleAP, specifically due to improper handling of the 'submit-url' argument. An attacker can send a specially crafted POST request that causes a buffer overflow, potentially leading to denial of service or other impacts on the device. [1, 2]
How can this vulnerability impact me? :
This vulnerability can be exploited remotely without authentication, allowing an attacker to cause a denial of service (DoS) on the affected router, disrupting its normal operation. It impacts the confidentiality, integrity, and availability of the device, potentially allowing attackers to compromise the router's functions. Since the exploit is publicly available and no official patch exists, the risk of exploitation is high. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP POST requests sent to the endpoint /boafrm/formWlanMultipleAP on TOTOLINK A702R routers version 4.0.0-B20230721.1521. You can use network traffic analysis tools like tcpdump or Wireshark to capture and filter POST requests to this specific path. For example, a tcpdump command to capture such traffic might be: tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/boafrm/formWlanMultipleAP'. Additionally, checking logs for unusual or malformed POST requests to this endpoint may help detect exploitation attempts. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include discontinuing the use of the affected TOTOLINK A702R router version 4.0.0-B20230721.1521 or isolating it from the network to prevent remote exploitation. Since no official patch or fix is available from the vendor, replacing the device with a secure and updated model is recommended. Additionally, restricting access to the router's management interface and blocking HTTP POST requests to /boafrm/formWlanMultipleAP at the network perimeter can reduce risk. [2]