What is the CVSS score of CVE-2025-6143?

CVE-2025-6143 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.4%.

Which versions of Ex1200t Firmware are affected by CVE-2025-6143?

A remote code execution vulnerability affecting TOTOLIK EX1200T routers (model 4.1.2cu.5232_B20210713) has been publicly disclosed with working exploits available.

Is there a public PoC exploit available for CVE-2025-6143?

Yes, a public proof-of-concept exploit is available for CVE-2025-6143. Prioritise patching immediately. EPSS: 0.4%.

How to fix or mitigate CVE-2025-6143?

Within 24 hours: Inventory all TOTOLINK EX1200T devices in your environment and isolate affected units from critical network segments if possible. Within 7 days: Implement network access controls (WAF rules, IP whitelisting) to restrict access to the vulnerable HTTP endpoint (/boafrm/formNtp) and consider disabling NTP configuration if not essential. Within 30 days: Replace affected devices with patched models or alternative vendors, as no vendor patch is currently available and the vulnerability is actively exploited.

Ex1200t Firmware CVE-2025-6143

EUVD-2025-18425 HIGH

Buffer Overflow (CWE-119)

2025-06-16 cna@vuldb.com

RCE Buffer Overflow TP-Link Ex1200t Firmware TOTOLINK

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 21:59 euvd

EUVD-2025-18425

Analysis Generated

Mar 14, 2026 - 21:59 vuln.today

PoC Detected

Jun 23, 2025 - 19:29 vuln.today

Public exploit code

CVE Published

Jun 16, 2025 - 23:15 nvd

HIGH 8.8

DescriptionNVD

A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

Critical buffer overflow vulnerability in TOTOLINK EX1200T router firmware (version 4.1.2cu.5232_B20210713) affecting the NTP configuration handler. An authenticated attacker can remotely exploit this vulnerability via HTTP POST requests to the /boafrm/formNtp endpoint by manipulating the submit-url parameter, achieving remote code execution with complete system compromise (confidentiality, integrity, and availability). A public exploit has been disclosed and the vulnerability may be actively exploited in the wild.

Technical ContextAI

The vulnerability exists in the HTTP POST request handler component that processes NTP (Network Time Protocol) configuration parameters. The affected file /boafrm/formNtp fails to properly validate the length of the 'submit-url' argument before copying it into a fixed-size buffer, resulting in a classic stack-based buffer overflow (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer). The TOTOLINK EX1200T is a wireless router that uses embedded HTTP services for administrative configuration. The vulnerability is present in firmware version 4.1.2cu.5232_B20210713 and potentially affects CPE: cpe:2.3:o:totolink:ex1200t_firmware:4.1.2cu.5232_b20210713:*:*:*:*:*:*:*. The buffer overflow allows attackers to overwrite the stack, potentially redirecting program execution to attacker-controlled code.

RemediationAI

Primary: Update firmware to a patched version released by TOTOLINK addressing CVE-2025-6143. Contact TOTOLINK support or check the official product support page at totolink.net for available firmware updates. If a patch is not available, implement network-level mitigations: (1) Restrict HTTP administrative access to the router via firewall rules, limiting access to trusted IP addresses/networks; (2) Enforce strong, unique credentials for router administrative accounts to prevent unauthorized authentication; (3) Disable remote management features if not required; (4) Isolate the router on a separate administrative VLAN with restricted access. Monitor for suspicious HTTP POST requests to /boafrm/formNtp with unusually long submit-url parameters.