Totolink A702r Firmware

TOTOLINK A702R 4.0.0 RCE via HTTP POST Buffer Overflow /formWlanMultipleAP
CVE-2025-8140 8.8 - High - July 25, 2025

A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formWlanMultipleAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

TOTOLINK A702R 4.0.0-B20230721.1521 RCE via HTTP POST Buffer Overflow
CVE-2025-8139 8.8 - High - July 25, 2025

A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been classified as critical. This affects an unknown part of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

Totolink A702R 4.0.0 Buffer Overflow in formOneKeyAccessButton HTTP POST Handler
CVE-2025-8138 8.8 - High - July 25, 2025

A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formOneKeyAccessButton of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

TOTOLINK A702R 4.0.0-B202307211521 RCE via /boafrm/formIpQoS mac BF
CVE-2025-8137 8.8 - High - July 25, 2025

A vulnerability has been found in TOTOLINK A702R 4.0.0-B20230721.1521 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation of the argument mac leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

TOTOLINK A702R v4.0.0-B20230721.1521 RCE via HTTP POST buffer overflow
CVE-2025-8136 7.5 - High - July 25, 2025

A vulnerability, which was classified as critical, was found in TOTOLINK A702R 4.0.0-B20230721.1521. Affected is an unknown function of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument ip6addr leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

TOTOLINK A702R 4.0.0-B20230721.1521 Buffer Overflow in HTTP POST Handler-Remote
CVE-2025-6940 8.8 - High - July 01, 2025

A vulnerability classified as critical was found in TOTOLINK A702R 4.0.0-B20230721.1521. Affected by this vulnerability is an unknown functionality of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

TOTOLINK A702R 4.0.0-B20230721.1521 HTTP POST Handler Buffer Overflow
CVE-2025-6825 8.8 - High - June 28, 2025

A vulnerability classified as critical was found in TOTOLINK A702R up to 4.0.0-B20230721.1521. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWlSiteSurvey of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

TOTOLINK A702R 4.0.0-B20230721.1521 Remote Buffer Overflow in /boafrm/formIpv6Setup
CVE-2025-6627 8.8 - High - June 25, 2025

A vulnerability has been found in TOTOLINK A702R 4.0.0-B20230721.1521 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formIpv6Setup of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

TOTOLINK A702R 4.0.0 buffer overflow in HTTP POST Request Handler
CVE-2025-6147 8.8 - High - June 17, 2025

A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands
CVE-2019-19824 - January 27, 2020

On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, N100RE through 3.4.0, and N302RE 2.0.2.