CVE-2025-8140
Published: 25 July 2025
Summary
CVE-2025-8140 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Totolink A702R Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 29.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the buffer overflow flaw in the /boafrm/formWlanMultipleAP HTTP POST handler through timely patching or firmware updates.
Validates the 'submit-url' argument in HTTP POST requests to block oversized or malformed inputs that trigger the buffer overflow.
Implements memory protections like non-executable stacks and ASLR to limit arbitrary code execution even if the buffer overflow occurs.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated buffer overflow in the router's HTTP POST handler (/boafrm/formWlanMultipleAP) enables exploitation of a public-facing web application (T1190) and remote service (T1210), facilitating potential code execution or access, and directly supports application exploitation for endpoint denial of service (T1499.004) as demonstrated by the public PoC.
NVD Description
A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formWlanMultipleAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow.…
more
The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-8140 is a critical buffer overflow vulnerability (CWE-119, CWE-120) in the TOTOLINK A702R router firmware version 4.0.0-B20230721.1521. It affects unknown code within the /boafrm/formWlanMultipleAP file of the HTTP POST Request Handler component. The flaw is triggered by manipulation of the "submit-url" argument.
Attackers with low privileges can exploit this vulnerability remotely over the network with low attack complexity and no user interaction required, as indicated by its CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Successful exploitation leads to high impacts on confidentiality, integrity, and availability, potentially enabling arbitrary code execution or system crashes.
References include a GitHub repository at https://github.com/panda666-888/vuls/blob/main/totolink/a702r/formWlanMultipleAP.md disclosing the exploit, VULDB entries at https://vuldb.com/?ctiid.317536, https://vuldb.com/?id.317536, and https://vuldb.com/?submit.620486, and the vendor site at https://www.totolink.net/. Practitioners should review these for mitigation details, patches, or firmware updates.
The exploit has been publicly disclosed, heightening the risk of active exploitation against unpatched TOTOLINK A702R devices.
Details
- CWE(s)