CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
A vulnerability has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWsc of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Analysis
Critical buffer overflow vulnerability in TOTOLINK EX1200T routers (firmware versions up to 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler at endpoint /boafrm/formWsc. An authenticated remote attacker can exploit this vulnerability to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability). The vulnerability has public exploit code available and may be actively exploited in the wild.
Technical Context
This vulnerability exists in the HTTP POST request handler component of TOTOLINK EX1200T WiFi routers, specifically in the /boafrm/formWsc endpoint. The vulnerability is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic buffer overflow condition where insufficient input validation and bounds checking allow attackers to write data beyond allocated buffer boundaries. The affected component is part of the router's web-based management interface (likely the 'boa' HTTP server used in embedded networking devices). The affected firmware versions extend up to 4.1.2cu.5232_B20210713. The device appears to be a consumer-grade 802.11ac WiFi router with a web management portal written in C/C++ without proper memory safety mechanisms.
Affected Products
TOTOLINK EX1200T: Firmware versions 4.1.2cu.5232_B20210713 and earlier. CPE would be: cpe:2.3:o:totolink:ex1200t_firmware:*:*:*:*:*:*:*:* (versions <=4.1.2cu.5232_B20210713). Device CPE: cpe:2.3:h:totolink:ex1200t:-:*:*:*:*:*:*:*. The affected product is a consumer WiFi router typically sold through electronics retailers and used in SMB/enterprise environments for branch connectivity. Vendor has not released public advisory information in accessible sources as of this analysis.
Remediation
IMMEDIATE ACTIONS:
(1) Upgrade firmware to a version later than 4.1.2cu.5232_B20210713 if one is available from TOTOLINK. Check the TOTOLINK support portal (totolink.net) for the latest EX1200T firmware releases.
(2) If no patched firmware is available, implement network segmentation: restrict HTTP/HTTPS access to the router management interface to trusted internal networks only via firewall rules, and disallow remote management (disable UPnP and remote admin features).
(3) Change default admin credentials to strong passwords immediately.
(4) Disable unnecessary services (UPnP, remote management) if not required.
(5) Monitor router logs for POST requests to the /boafrm/formWsc endpoint.

MEDIUM-TERM:
(1) Evaluate router replacement with firmware-updatable alternatives from vendors with active security patches.
(2) Implement WAF rules if the router is accessible from untrusted networks.
(3) Apply the principle of least privilege to router access.

Note: TOTOLINK is known for inconsistent security patching; verify patch availability before rollout, as some firmware versions may not be released publicly.
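One way to carry out the log monitoring in immediate action (5), as an added example that is not part of the original advisory. It assumes a proxy or sensor in front of the router writes Common Log Format lines with nginx's $request_length appended; the subnet, the size threshold and the sample lines are constructed placeholders.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

# Assumptions (not from the advisory): log format as described in the lead-in;
# management subnet and size threshold are site-specific placeholders.
TARGET_PATH = "/boafrm/formwsc"  # compared after lowercasing
TRUSTED_NETS = [ipaddress.ip_network("192.168.0.0/24")]
LARGE_REQUEST = 1024  # bytes; tune against normal traffic for this form
LINE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+(?: (?P<reqlen>\d+))?\s*$'
)

def normalize(target):
    """Drop the query, decode, and collapse the path so encoded variants match."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def classify(line):
    """Return None for unrelated lines, else (severity, source, reasons)."""
    m = LINE.match(line)
    if not m or m["method"].upper() != "POST" or normalize(m["target"]) != TARGET_PATH:
        return None
    reasons = []
    try:
        src = ipaddress.ip_address(m["src"])
        if not any(src in net for net in TRUSTED_NETS):
            reasons.append("source outside management subnet")
    except ValueError:
        reasons.append("unparseable source address")
    if m["reqlen"] and int(m["reqlen"]) > LARGE_REQUEST:
        reasons.append("oversized request")
    return ("high" if reasons else "review", m["src"], reasons)

def scan(lines):
    return [hit for hit in map(classify, lines) if hit]

SAMPLE = [  # constructed log lines using documentation address ranges
    '192.168.0.10 - - [10/Jun/2025:09:00:01 +0000] "POST /boafrm/formWsc HTTP/1.1" 200 310 420',
    '203.0.113.7 - - [10/Jun/2025:09:02:13 +0000] "POST /boafrm/formWsc HTTP/1.1" 200 0 4096',
    '192.168.0.11 - - [10/Jun/2025:09:03:40 +0000] "POST /boafrm/%66ormWsc?x=1 HTTP/1.1" 200 0 9000',
    '192.168.0.12 - - [10/Jun/2025:09:04:02 +0000] "GET /index.htm HTTP/1.1" 200 1500 300',
]

if __name__ == "__main__":
    for severity, src, reasons in scan(SAMPLE):
        print(severity, src, "; ".join(reasons) or "trusted source, normal size")
```

The advisory does not say which request field overflows, so request size is only a heuristic here; any POST to this endpoint from outside the management subnet is worth investigating regardless of size.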
EUVD-2025-17616