CVE-2025-5909

| EUVD-2025-17617 HIGH
2025-06-10 [email protected]
8.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 14, 2026 - 19:49 vuln.today
EUVD ID Assigned
Mar 14, 2026 - 19:49 euvd
EUVD-2025-17617
PoC Detected
Jun 16, 2025 - 17:14 vuln.today
Public exploit code
CVE Published
Jun 10, 2025 - 02:15 nvd
HIGH 8.8

Tags

Buffer Overflow TP-Link RCE Ex1200t Firmware TOTOLINK

Description

A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Analysis

Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless routers (up to firmware version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler for the /boafrm/formReflashClientTbl endpoint. An authenticated attacker can remotely exploit this vulnerability to achieve complete system compromise including confidentiality, integrity, and availability violations. Public exploit code has been disclosed, making this an active threat with demonstrated proof-of-concept availability.

Technical Context

The vulnerability exists in the HTTP POST request handler component of TOTOLINK's web management interface, specifically within the formReflashClientTbl form processing function. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), indicating a classic stack or heap buffer overflow condition. The vulnerability occurs when user-supplied input from HTTP POST requests is processed without proper bounds checking before being written to a fixed-size buffer. TOTOLINK EX1200T (CPE: cpe:2.3:o:totolink:ex1200t_firmware:*:*:*:*:*:*:*:* up to version 4.1.2cu.5232_B20210713) devices using this vulnerable firmware version are affected. The affected component suggests the vulnerability is in the device's web administration interface, likely used for firmware updates or client management operations.

Affected Products

EX1200T (firmware up to 4.1.2cu.5232_B20210713)

Remediation

- action: Firmware Update; details: Update TOTOLINK EX1200T firmware to version newer than 4.1.2cu.5232_B20210713. Contact TOTOLINK support or check device management interface for available firmware updates. Verify update authenticity through official TOTOLINK channels.; priority: CRITICAL - Apply immediately - action: Access Control Mitigation; details: If firmware update is unavailable, implement network-level mitigations: (1) Restrict access to the device's web management interface (port 80/443) using firewall rules to trusted administrative networks only, (2) Disable remote management if enabled, (3) Change default credentials to strong, unique passwords to reduce authentication bypass risk.; priority: HIGH - Implement pending patch availability - action: Monitoring; details: Monitor device logs for POST requests to /boafrm/formReflashClientTbl with unusually large payloads or malformed input. Configure IDS/IPS signatures to detect buffer overflow attack patterns against this endpoint.; priority: MEDIUM - Implement for detection coverage - action: Device Assessment; details: Audit network inventory for TOTOLINK EX1200T devices and determine firmware versions in use. Prioritize patching for devices exposed to untrusted networks or with multiple user accounts.; priority: MEDIUM - Scope the exposure

Priority Score

64
Low Medium High Critical
KEV: 0
EPSS: +0.4
CVSS: +44
POC: +20

Share

CVE-2025-5909 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy