CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description (NVD)
A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This affects an unknown part of the file /boafrm/formWirelessTbl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Analysis (AI)
Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler for the /boafrm/formWirelessTbl endpoint. An authenticated attacker can exploit the submit-url parameter to achieve remote code execution with high confidentiality, integrity, and availability impact (CVSS 8.8). Public proof-of-concept code is available, and this vulnerability may be actively exploited in the wild.
Technical Context (AI)
The vulnerability exists in the HTTP POST request handler component of TOTOLINK's web-based firmware management interface. The affected endpoint /boafrm/formWirelessTbl processes wireless table configuration requests. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), indicating insufficient input validation and buffer boundary checking on the 'submit-url' parameter. The vulnerable code fails to properly validate the length of user-supplied input before copying it into a fixed-size buffer, creating a classic stack or heap-based buffer overflow condition. This is a common pattern in embedded device firmware where input validation is often overlooked in internal administrative interfaces that are assumed to be protected by authentication.
Remediation (AI)
Immediate actions:
(1) Check TOTOLINK security advisories for firmware updates addressing CVE-2025-6128 for EX1200T;
(2) If available, upgrade to the latest patched firmware version beyond 4.1.2cu.5232_B20210713;
(3) Enforce strong, unique administrative credentials on all TOTOLINK devices (change default credentials immediately);
(4) Restrict access to the device management interface to trusted networks only using firewall rules or IP whitelisting;
(5) Disable remote management features if not actively required;
(6) Monitor device logs for suspicious POST requests to /boafrm/formWirelessTbl with unusual submit-url parameters;
(7) Segment IoT/networking devices on separate VLANs to limit lateral movement if compromise occurs.
Long-term: Consider replacing end-of-life TOTOLINK devices with actively maintained alternatives if patches are not released within 30 days.
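One way to implement the monitoring in action (6), as an added example that is not code from this page or from TOTOLINK. It assumes a sensor or reverse proxy in front of the management interface captures the raw HTTP request including the body; the 128-byte threshold, the helper names and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/boafrm/formWirelessTbl"   # endpoint named in the advisory
PARAM = "submit-url"                   # argument named in the advisory
MAX_LEN = 128                          # assumed threshold; tune to your own baseline

def inspect_request(raw: bytes) -> list[str]:
    """Return findings for one captured HTTP request (empty list = nothing to flag)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    try:
        method, target, _version = lines[0].split(" ", 2)
    except ValueError:
        return []                      # not an HTTP request line
    if method.upper() != "POST" or urlsplit(target).path != ENDPOINT:
        return []
    findings = []
    # latin-1 keeps every byte as one character, so len() counts decoded bytes.
    fields = parse_qs(body.decode("latin-1"), keep_blank_values=True,
                      encoding="latin-1")
    values = fields.get(PARAM, [])
    if len(values) > 1:
        findings.append(f"{PARAM} repeated {len(values)} times")
    for value in values:
        if len(value) > MAX_LEN:
            findings.append(f"{PARAM} is {len(value)} bytes (limit {MAX_LEN})")
        if any(ord(c) < 0x20 or ord(c) > 0x7E for c in value):
            findings.append(f"{PARAM} contains non-printable bytes")
    return findings

# Constructed sample requests (not taken from a real device or from any exploit).
def _req(body: bytes, path: str = ENDPOINT) -> bytes:
    return (b"POST " + path.encode() + b" HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)

BENIGN = _req(b"submit-url=%2Findex.htm&save=1")
OVERSIZED = _req(b"submit-url=" + b"A" * 600)
BINARY = _req(b"submit-url=%2Fpage%00%ff%ff")
OTHER_PATH = _req(b"submit-url=" + b"A" * 600, path="/boafrm/other")

if __name__ == "__main__":
    for name, req in [("benign", BENIGN), ("oversized", OVERSIZED),
                      ("binary", BINARY), ("other path", OTHER_PATH)]:
        print(name, inspect_request(req))
```

Length is measured after percent-decoding, so a value that is short on the wire only because it is unencoded is judged the same way as its encoded form.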
EUVD-2025-18413