CVE-2025-8137
Published: 25 July 2025
Summary
CVE-2025-8137 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Totolink A702R Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 38.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 requires validation of the 'mac' argument in HTTP POST requests to /boafrm/formIpQoS, directly preventing the buffer overflow by restricting input size and format.
SI-16 implements memory protections like address space layout randomization and non-executable stacks to mitigate exploitation of the buffer overflow in the HTTP POST handler.
SI-2 ensures timely firmware updates to remediate the specific buffer overflow vulnerability in TOTOLINK A702R firmware version 4.0.0-B20230721.1521.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in public-facing web management interface (/boafrm/formIpQoS) enables remote exploitation for initial access (T1190) and denial-of-service via application crash (T1499.004), as demonstrated by public PoC.
NVD Description
A vulnerability has been found in TOTOLINK A702R 4.0.0-B20230721.1521 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation of the argument mac leads to…
more
buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-8137 is a critical buffer overflow vulnerability (CVSS 3.1 score of 8.8) affecting the TOTOLINK A702R router running firmware version 4.0.0-B20230721.1521. The issue resides in an unknown functionality of the /boafrm/formIpQoS component within the HTTP POST Request Handler, where manipulation of the "mac" argument triggers the overflow. It maps to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input).
The vulnerability enables remote exploitation by an authenticated attacker with low privileges (PR:L), requiring no user interaction and low attack complexity (AC:L) over the network (AV:N). Successful exploitation grants high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), potentially allowing arbitrary code execution or denial of service on the affected device.
Advisories from VulDB (ctiid.317533, id.317533, submit.620483) document the issue and recent submission details, while a GitHub repository (panda666-888/vuls) discloses a public proof-of-concept exploit targeting the formIpQoS endpoint. The vendor's site (totolink.net) is referenced but provides no specific patch information in available details; practitioners should check for firmware updates directly.
Details
- CWE(s)