Skip to main content

A702r Firmware CVE-2025-9781

HIGH
Buffer Overflow (CWE-119)
2025-09-01 cna@vuldb.com
7.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 19:09 vuln.today
PoC Detected
Sep 04, 2025 - 16:42 vuln.today
Public exploit code
CVE Published
Sep 01, 2025 - 14:15 nvd
HIGH 7.4

DescriptionCVE.org

A vulnerability has been found in TOTOLINK A702R 4.0.0-B20211108.1423. This affects the function sub_4162DC of the file /boafrm/formFilter. Such manipulation of the argument ip6addr leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

A vulnerability has been found in TOTOLINK A702R 4.0.0-B20211108.1423. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. A vulnerability has been found in TOTOLINK A702R 4.0.0-B20211108.1423. This affects the function sub_4162DC of the file /boafrm/formFilter. Such manipulation of the argument ip6addr leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Affected products include: Totolink A702R Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2025-6393 HIGH POC
8.8 Jun 21

CVE-2025-6393 is a critical buffer overflow vulnerability in the HTTP POST request handler of TOTOLINK routers affecting

CVE-2025-6147 HIGH POC
8.8 Jun 17

Critical buffer overflow vulnerability in TOTOLINK A702R router firmware (version 4.0.0-B20230721.1521) affecting the HT

CVE-2025-6825 HIGH POC
8.8 Jun 28

A vulnerability classified as critical was found in TOTOLINK A702R up to 4.0.0-B20230721.1521. Affected by this vulnerab

CVE-2025-6627 HIGH POC
8.8 Jun 25

A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.

CVE-2025-6940 HIGH POC
8.8 Jul 01

A vulnerability classified as critical was found in TOTOLINK A702R 4.0.0-B20230721.1521. Affected by this vulnerability

CVE-2025-9783 HIGH POC
7.4 Sep 01

A vulnerability was determined in TOTOLINK A702R 4.0.0-B20211108.1423. Rated high severity (CVSS 7.4), this vulnerabilit

CVE-2025-9782 HIGH POC
7.4 Sep 01

A vulnerability was found in TOTOLINK A702R 4.0.0-B20211108.1423. Rated high severity (CVSS 7.4), this vulnerability is

CVE-2025-9780 HIGH POC
7.4 Sep 01

A flaw has been found in TOTOLINK A702R 4.0.0-B20211108.1423. Rated high severity (CVSS 7.4), this vulnerability is remo

CVE-2025-9779 HIGH POC
7.4 Sep 01

A vulnerability was detected in TOTOLINK A702R 4.0.0-B20211108.1423. Rated high severity (CVSS 7.4), this vulnerability

CVE-2025-4835 HIGH
8.7 May 17

A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. Rated high severity (CVSS 8.7), th

CVE-2025-4834 HIGH
8.7 May 17

A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. Rated high severity (CVSS 8.7), th

CVE-2025-4833 HIGH
8.7 May 17

A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615 and classified as critical. Rated h

Share

CVE-2025-9781 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy