CVE-2025-9780
BaseFortify
Publication date: 2025-09-01
Last updated on: 2025-09-04
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| totolink | a702r_firmware | 4.0.0-b20211108.1423 |
| totolink | a702r | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9780 is a buffer overflow vulnerability in the TOTOLINK A702R router firmware version 4.0.0-B20211108.1423. It occurs in the function sub_419BE0 within the /boafrm/formIpQoS endpoint, specifically due to improper handling of the 'mac' argument. This allows an attacker to send a specially crafted request that overflows a buffer, potentially causing the router's program to crash or behave unexpectedly. The vulnerability can be exploited remotely and a proof-of-concept exploit is publicly available. [1, 2]
How can this vulnerability impact me?
Exploiting this vulnerability can compromise the confidentiality, integrity, and availability of the affected TOTOLINK A702R router. An attacker can remotely cause the device to crash or potentially execute arbitrary code, leading to denial of service or unauthorized control over the device. The attack complexity is low, and no known mitigations currently exist, making it a critical risk to network security. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious HTTP requests to the /boafrm/formIpQoS endpoint containing unusually long or malformed 'mac' arguments that could trigger the buffer overflow. Since the exploit is publicly available, you can use network traffic inspection tools like tcpdump or Wireshark to capture HTTP requests to this endpoint. For example, the following tcpdump command prints, in ASCII, only the packets on TCP port 80 that carry a payload:

tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

Filter its output for requests to /boafrm/formIpQoS. Additionally, you can use curl or wget to test the endpoint manually by sending crafted requests with oversized 'mac' parameters to see if the device crashes or behaves unexpectedly. [1, 2]
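The check described above can be automated over captured requests. The following is an added example, not code from the advisory or the vendor: it flags requests to /boafrm/formIpQoS whose 'mac' value is oversized or not a well-formed MAC address. The accepted MAC format, the 17-character limit, the parameter locations (query string or urlencoded body) and the sample requests are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/boafrm/formIpQoS"  # endpoint named in the advisory
# Assumption: a legitimate 'mac' value is 12 hex digits, optionally ':' or '-' separated.
MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}[:-]?){5}[0-9A-Fa-f]{2}")
MAX_MAC_LEN = 17  # length of "00:11:22:33:44:55"

def inspect_request(raw: bytes):
    """Return (reason, length) findings for one raw HTTP request (headers + body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) < 2:
        return []  # not a parseable request line
    url = urlsplit(parts[1])
    if url.path != ENDPOINT:
        return []
    # Assumption: 'mac' may arrive in the query string or a urlencoded form body.
    values = parse_qs(url.query, keep_blank_values=True).get("mac", [])
    values += parse_qs(body.decode("latin-1"), keep_blank_values=True).get("mac", [])
    findings = []
    for value in values:
        if len(value) > MAX_MAC_LEN:
            findings.append(("oversized", len(value)))
        elif value and not MAC_RE.fullmatch(value):
            findings.append(("malformed", len(value)))
    return findings

def _req(method, target, body=""):
    # Builds a constructed sample request; this is not captured traffic.
    return (f"{method} {target} HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode("latin-1")

SAMPLES = {
    "benign": _req("POST", ENDPOINT, "mac=00%3A11%3A22%3A33%3A44%3A55"),
    "oversized": _req("POST", ENDPOINT, "mac=" + "A" * 600),
    "malformed": _req("GET", ENDPOINT + "?mac=zz:zz"),
    "other_path": _req("POST", "/index.html", "mac=" + "A" * 600),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, inspect_request(raw))
```

The function expects one reassembled request per call, so packet output from tcpdump needs stream reassembly (for example by a proxy or an IDS) before it is passed in.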
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting remote access to the affected TOTOLINK A702R device, especially blocking access to the /boafrm/formIpQoS endpoint from untrusted networks. Since no known countermeasures or patches currently exist, it is recommended to replace the affected product or upgrade to a firmware version that addresses the vulnerability once available. Additionally, monitor the device for crashes or unusual behavior indicating exploitation attempts and consider isolating the device from critical network segments until a fix is applied. [2]