CVE-2025-8136
Published: 25 July 2025
Summary
CVE-2025-8136 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Totolink A702R Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 29.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 requires validation of inputs like the ip6addr argument in HTTP POST requests to prevent buffer overflows by ensuring proper length and format checks.
SI-16 implements memory protections such as stack canaries, ASLR, and DEP to mitigate exploitation of buffer overflows even if invalid input reaches the vulnerable function.
SI-2 mandates timely identification, reporting, and patching of flaws like this buffer overflow vulnerability in router firmware to eliminate the root cause.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in public-facing router web interface (/boafrm/formFilter) enables remote exploitation (T1190) and application/system DoS via crafted HTTP POST with ip6addr (T1499.004). PoC demonstrates DoS; critical impact on CIA suggests potential for broader abuse.
NVD Description
A vulnerability, which was classified as critical, was found in TOTOLINK A702R 4.0.0-B20230721.1521. Affected is an unknown function of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument ip6addr leads to buffer overflow. It…
more
is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-8136 is a critical buffer overflow vulnerability (classified under CWE-119 and CWE-120) affecting the TOTOLINK A702R router running firmware version 4.0.0-B20230721.1521. The issue resides in an unknown function within the /boafrm/formFilter file of the HTTP POST Request Handler component. It is triggered by manipulating the ip6addr argument in a POST request, leading to a buffer overflow. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-07-25.
The vulnerability can be exploited remotely by an attacker who has low privileges (PR:L), such as an authenticated user on the device. No user interaction is required, and the low attack complexity enables straightforward exploitation over the network. Successful exploitation grants high-impact confidentiality, integrity, and availability consequences, potentially allowing arbitrary code execution or denial of service on the affected router.
Advisories and additional details are documented on VulDB (including ctiid.317532 and id.317532) and a GitHub repository detailing the exploit at github.com/panda666-888/vuls/blob/main/totolink/a702r/formFilter.md. The vendor's website at www.totolink.net is also referenced for potential patches or updates. The exploit has been publicly disclosed and may be actively used.
Details
- CWE(s)