CVE-2025-9781
Published: 01 September 2025
Summary
CVE-2025-9781 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Totolink A702R Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 47.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mandates timely remediation of the buffer overflow flaw in the sub_4162DC function via firmware patching for the TOTOLINK A702R.
Requires validation of the ip6addr argument in /boafrm/formFilter to prevent malformed IPv6 inputs from triggering the buffer overflow.
Implements memory protections like stack canaries and ASLR to mitigate exploitation of the buffer overflow for arbitrary code execution.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in public web form (/boafrm/formFilter) enables remote authenticated exploitation for RCE and privilege escalation on network device.
NVD Description
A vulnerability has been found in TOTOLINK A702R 4.0.0-B20211108.1423. This affects the function sub_4162DC of the file /boafrm/formFilter. Such manipulation of the argument ip6addr leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to…
more
the public and may be used.
Deeper analysisAI
CVE-2025-9781 is a buffer overflow vulnerability affecting the TOTOLINK A702R router on firmware version 4.0.0-B20211108.1423. The flaw exists in the sub_4162DC function of the /boafrm/formFilter file, where manipulation of the ip6addr argument triggers the overflow. It is classified under CWE-119 and CWE-120, with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A remote attacker with low privileges can exploit this vulnerability over the network with low complexity and no user interaction. Successful exploitation leads to high impacts on confidentiality, integrity, and availability, potentially allowing arbitrary code execution or system compromise on the affected router.
References including VulDB entries and a GitHub repository provide details on the vulnerability, with the latter disclosing a proof-of-concept exploit that may be used by attackers. No patches or specific mitigation guidance are detailed in the available advisories.
The exploit has been publicly disclosed, elevating the risk for unpatched TOTOLINK A702R devices exposed to the internet.
Details
- CWE(s)