CVE-2025-8136
Published: 25 July 2025
Summary
CVE-2025-8136 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Totolink A702R Firmware. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 18.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
A critical buffer overflow vulnerability exists in the TOTOLINK A702R router running firmware 4.0.0-B20230721.1521. The flaw is located in an unknown function of the /boafrm/formFilter file within the HTTP POST Request Handler component. Manipulation of the ip6addr argument triggers the overflow, which is tracked under CWE-119 and CWE-120 and carries a CVSS 4.0 score of 7.4.
An authenticated attacker with network access can exploit the issue remotely to achieve high impact on confidentiality, integrity, and availability. The attack requires no user interaction and a publicly disclosed proof-of-concept is available, allowing an adversary to send a crafted HTTP POST request that overflows the buffer.
References point to a GitHub disclosure, multiple VulDB entries, and the vendor site, but contain no details on patches, firmware updates, or other mitigations. The associated EPSS score has remained low and essentially flat at 0.0143–0.0144.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-22574
Vulnerability details
A vulnerability, which was classified as critical, was found in TOTOLINK A702R 4.0.0-B20230721.1521. Affected is an unknown function of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument ip6addr leads to buffer overflow. It…
more
is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in public-facing router web interface (/boafrm/formFilter) enables remote exploitation (T1190) and application/system DoS via crafted HTTP POST with ip6addr (T1499.004). PoC demonstrates DoS; critical impact on CIA suggests potential for broader abuse.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
SI-10 requires validation of inputs like the ip6addr argument in HTTP POST requests to prevent buffer overflows by ensuring proper length and format checks.
SI-16 implements memory protections such as stack canaries, ASLR, and DEP to mitigate exploitation of buffer overflows even if invalid input reaches the vulnerable function.
SI-2 mandates timely identification, reporting, and patching of flaws like this buffer overflow vulnerability in router firmware to eliminate the root cause.