What is the CVSS score of EUVD-2025-18457?

EUVD-2025-18457 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.6%.

Which versions of A702r Firmware are affected by EUVD-2025-18457?

A critical buffer overflow vulnerability in TOTOLIK A702R routers exposes organizations to remote code execution attacks with no available patch.

Is there a public PoC exploit available for EUVD-2025-18457?

Yes, a public proof-of-concept exploit is available for EUVD-2025-18457. Prioritise patching immediately. EPSS: 0.6%.

How to fix or mitigate EUVD-2025-18457?

Within 24 hours: Inventory all TOTOLIK A702R routers in the environment and isolate affected devices from critical network segments if possible. Within 7 days: Implement network-level mitigations (WAF rules blocking /boafrm/formSysLog POST requests with submit-url parameters, restrict management interface access via firewall rules). Within 30 days: Develop replacement strategy and begin procurement of alternative router models; contact vendor for patch timeline and escalate to executive leadership if patch remains unavailable.

A702r Firmware EUVD-2025-18457

| CVE-2025-6147 HIGH

Buffer Overflow (CWE-119)

2025-06-17 cna@vuldb.com

Buffer Overflow TP-Link Remote Code Execution A702r Firmware TOTOLINK

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 22:15 euvd

EUVD-2025-18457

Analysis Generated

Mar 14, 2026 - 22:15 vuln.today

PoC Detected

Jun 23, 2025 - 19:29 vuln.today

Public exploit code

CVE Published

Jun 17, 2025 - 01:15 nvd

HIGH 8.8

DescriptionNVD

A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

Critical buffer overflow vulnerability in TOTOLINK A702R router firmware (version 4.0.0-B20230721.1521) affecting the HTTP POST request handler for the /boafrm/formSysLog endpoint. An authenticated attacker can exploit this vulnerability remotely by manipulating the submit-url parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code is available, significantly elevating real-world exploitation risk.

Technical ContextAI

The vulnerability exists in the HTTP POST request handler component of the TOTOLINK A702R router's web interface, specifically within the /boafrm/formSysLog endpoint. The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic buffer overflow condition where user-supplied input to the submit-url parameter is not properly validated or bounds-checked before being copied into a fixed-size buffer. This occurs during parsing of formSysLog form submissions. TOTOLINK A702R is an entry-level 802.11n wireless router commonly deployed in small office/home office (SOHO) environments. The affected firmware version 4.0.0-B20230721.1521 indicates a build from July 2023. The vulnerability allows an authenticated user with valid credentials to the router's administrative interface to overflow the buffer and execute arbitrary code in the context of the router's HTTP daemon process.

RemediationAI

Immediate actions: (1) Check TOTOLINK's official website (https://www.totolink.net/) for firmware updates released after 4.0.0-B20230721.1521; (2) If a patched firmware version is available, download and apply it following the vendor's update procedure (typically via the router's web interface or via TFTP); (3) If no patch is available, implement compensating controls: restrict HTTP access to the /boafrm/formSysLog endpoint via firewall rules, disable remote management/WAN access to the router's web interface, and enforce strong administrator credentials; (4) Monitor router logs for POST requests to /boafrm/formSysLog with suspicious submit-url parameter values; (5) Consider replacing the affected device if the vendor does not provide timely security updates, particularly in production environments. Contact TOTOLINK support at support@totolink.net or via their website for vendor advisory and patch availability.