What is the CVSS score of CVE-2025-5600?

CVE-2025-5600 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.5%.

Which versions of Ex1200t Firmware are affected by CVE-2025-5600?

A critical remote code execution vulnerability in TOTOLIK EX1200T routers allows unauthenticated attackers to gain complete system control through a buffer overflow exploit that is publicly available…

Is there a public PoC exploit available for CVE-2025-5600?

Yes, a public proof-of-concept exploit is available for CVE-2025-5600. Prioritise patching immediately. EPSS: 0.5%.

How to fix or mitigate CVE-2025-5600?

Within 24 hours: Identify all TOTOLINK EX1200T 4.1.2cu.5232_B20210713 devices on your network using asset discovery tools and isolate affected devices from critical systems. Within 7 days: Implement network segmentation to restrict router access, apply WAF rules blocking requests to /cgi-bin/cstecgi.cgi with suspicious LangType parameters, and disable the setLanguageCfg function if possible through device configuration. Within 30 days: Contact TOTOLINK for patch availability status; if no patch is released, evaluate replacing affected devices with alternative router models from vendors with active security support, or implement proxy-based access controls to severely restrict administrative interfaces.

Ex1200t Firmware CVE-2025-5600

EUVD-2025-16902 CRITICAL

Buffer Overflow (CWE-119)

2025-06-04 cna@vuldb.com

Buffer Overflow TP-Link Ex1200t Firmware TOTOLINK

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 17:29 euvd

EUVD-2025-16902

Analysis Generated

Mar 14, 2026 - 17:29 vuln.today

PoC Detected

Jun 10, 2025 - 15:09 vuln.today

Public exploit code

CVE Published

Jun 04, 2025 - 18:15 nvd

CRITICAL 9.8

DescriptionNVD

A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument LangType leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.