CVE-2025-9782
Published: 01 September 2025
Summary
CVE-2025-9782 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Totolink A702R Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked in the top 47.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires validation of the submit-url argument to prevent buffer overflow from improper input handling in the vulnerable function.
Implements memory protections like stack canaries, ASLR, and DEP to mitigate exploitation of the buffer overflow for arbitrary code execution.
Mandates timely remediation of the identified buffer overflow flaw through firmware patching to eliminate the vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The remote buffer overflow vulnerability in the router's web interface (/boafrm/formOneKeyAccessButton) via the submit-url parameter enables exploitation to crash the application/service, facilitating endpoint denial of service through application or system exploitation.
NVD Description
A vulnerability was found in TOTOLINK A702R 4.0.0-B20211108.1423. This vulnerability affects the function sub_4466F8 of the file /boafrm/formOneKeyAccessButton. Performing manipulation of the argument submit-url results in buffer overflow. The attack may be initiated remotely. The exploit has been made public…
more
and could be used.
Deeper analysisAI
CVE-2025-9782 is a buffer overflow vulnerability (CWE-119, CWE-120) discovered in the TOTOLINK A702R router firmware version 4.0.0-B20211108.1423. The flaw affects the function sub_4466F8 in the file /boafrm/formOneKeyAccessButton, where manipulation of the submit-url argument triggers the overflow. Published on 2025-09-01, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
An attacker with low privileges, such as an authenticated user, can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation results in high impacts to confidentiality, integrity, and availability, potentially allowing arbitrary code execution or complete system compromise.
References include a GitHub repository by rew1X detailing the vulnerability and providing a proof-of-concept exploit, along with VulDB entries (ctiid.322084, id.322084, submit.640990) confirming the issue and public disclosure. No vendor patches or specific mitigation guidance are detailed in the provided sources.
Details
- CWE(s)