CVE-2025-9783
Published: 01 September 2025
Summary
CVE-2025-9783 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Totolink A702R Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 47.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the buffer overflow flaw in sub_418030 by identifying, testing, and deploying firmware patches for the TOTOLINK A702R.
Validates the submit-url argument in /boafrm/formParentControl to enforce bounds checking and prevent buffer overflow exploitation.
Implements memory protections like stack canaries and ASLR to mitigate arbitrary code execution from the buffer overflow vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in publicly accessible web form (/boafrm/formParentControl) on network device directly enables remote exploitation of a public-facing application for arbitrary code execution.
NVD Description
A vulnerability was determined in TOTOLINK A702R 4.0.0-B20211108.1423. This issue affects the function sub_418030 of the file /boafrm/formParentControl. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly…
more
disclosed and may be utilized.
Deeper analysisAI
CVE-2025-9783 is a buffer overflow vulnerability affecting the TOTOLINK A702R router on firmware version 4.0.0-B20211108.1423. The flaw exists in the sub_418030 function of the /boafrm/formParentControl file, where manipulation of the submit-url argument triggers the overflow. It is classified under CWE-119 and CWE-120, with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A remote attacker with low privileges can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation could result in high impacts to confidentiality, integrity, and availability, potentially enabling arbitrary code execution on the affected device.
References point to a GitHub repository containing detailed analysis and a proof-of-concept exploit for the vulnerability, as well as VulDB entries documenting the issue (ctiid.322085 and id.322085). No vendor advisories or patches specifying mitigation steps are detailed in the provided information.
The exploit has been publicly disclosed and may be utilized, as noted in the vulnerability description published on 2025-09-01.
Details
- CWE(s)