CVE-2025-9780 is a high-severity buffer overflow vulnerability identified in the TOTOLINK A702R router, specifically in version 4.0.0-B20211108.1423. The flaw exists in the function sub_419BE0 within the /boafrm/formIpQoS file, where improper handling of the 'mac' argument leads to a buffer overflow condition. This vulnerability can be exploited remotely without requiring user interaction or prior authentication, making it particularly dangerous. The buffer overflow could allow an attacker to execute arbitrary code on the device, potentially gaining control over the router's firmware. Given the router's role in managing network traffic and security, exploitation could lead to interception or manipulation of network data, disruption of network services, or use of the device as a foothold for further attacks within a network. Although no exploits are currently reported in the wild, a proof-of-concept exploit has been published, increasing the risk of active exploitation. The CVSS 4.0 score of 8.7 reflects the vulnerability's high impact on confidentiality, integrity, and availability, combined with its ease of remote exploitation without authentication or user interaction.

For European organizations, this vulnerability poses significant risks, especially for those relying on TOTOLINK A702R routers in their network infrastructure. Compromise of these routers could lead to unauthorized access to sensitive internal communications, disruption of business-critical network services, and potential lateral movement by attackers within corporate networks. This is particularly concerning for sectors with stringent data protection requirements such as finance, healthcare, and government agencies. Additionally, the ability to remotely exploit the vulnerability without authentication increases the likelihood of automated attacks targeting vulnerable devices exposed to the internet. The potential for attackers to implant persistent backdoors or manipulate traffic could undermine trust in network security and lead to data breaches or operational downtime.

Organizations should immediately verify if they are using the affected TOTOLINK A702R firmware version 4.0.0-B20211108.1423. Since no official patch links are currently provided, it is critical to contact TOTOLINK support for firmware updates or advisories. In the interim, network administrators should restrict remote access to the router's management interface by implementing strict firewall rules to block external access to the device's web interface and related services. Disabling unnecessary services and interfaces, especially those exposed to the internet, can reduce the attack surface. Network segmentation should be employed to isolate vulnerable devices from critical infrastructure. Continuous monitoring for unusual network activity and deployment of intrusion detection systems capable of recognizing exploitation attempts targeting this vulnerability are recommended. Finally, organizations should plan for rapid deployment of patches once available and consider replacing affected hardware if timely updates are not forthcoming.