CVE-2025-6143

| EUVD-2025-18425 HIGH
2025-06-16 [email protected]
8.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 14, 2026 - 21:59 vuln.today
EUVD ID Assigned
Mar 14, 2026 - 21:59 euvd
EUVD-2025-18425
PoC Detected
Jun 23, 2025 - 19:29 vuln.today
Public exploit code
CVE Published
Jun 16, 2025 - 23:15 nvd
HIGH 8.8

Tags

Buffer Overflow TP-Link RCE Ex1200t Firmware TOTOLINK

Description

A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Analysis

Critical buffer overflow vulnerability in TOTOLINK EX1200T router firmware (version 4.1.2cu.5232_B20210713) affecting the NTP configuration handler. An authenticated attacker can remotely exploit this vulnerability via HTTP POST requests to the /boafrm/formNtp endpoint by manipulating the submit-url parameter, achieving remote code execution with complete system compromise (confidentiality, integrity, and availability). A public exploit has been disclosed and the vulnerability may be actively exploited in the wild.

Technical Context

The vulnerability exists in the HTTP POST request handler component that processes NTP (Network Time Protocol) configuration parameters. The affected file /boafrm/formNtp fails to properly validate the length of the 'submit-url' argument before copying it into a fixed-size buffer, resulting in a classic stack-based buffer overflow (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer). The TOTOLINK EX1200T is a wireless router that uses embedded HTTP services for administrative configuration. The vulnerability is present in firmware version 4.1.2cu.5232_B20210713 and potentially affects CPE: cpe:2.3:o:totolink:ex1200t_firmware:4.1.2cu.5232_b20210713:*:*:*:*:*:*:*. The buffer overflow allows attackers to overwrite the stack, potentially redirecting program execution to attacker-controlled code.

Affected Products

Product: TOTOLINK EX1200T (EX1200T wireless router). Affected Version: 4.1.2cu.5232_B20210713. CPE: cpe:2.3:o:totolink:ex1200t_firmware:4.1.2cu.5232_b20210713:*:*:*:*:*:*:*. No vendor advisory links were provided in the source data. Potentially affected configurations include all EX1200T devices running the vulnerable firmware version in active use, likely including older installations that may not have received security updates.

Remediation

Primary: Update firmware to a patched version released by TOTOLINK addressing CVE-2025-6143. Contact TOTOLINK support or check the official product support page at totolink.net for available firmware updates. If a patch is not available, implement network-level mitigations: (1) Restrict HTTP administrative access to the router via firewall rules, limiting access to trusted IP addresses/networks; (2) Enforce strong, unique credentials for router administrative accounts to prevent unauthorized authentication; (3) Disable remote management features if not required; (4) Isolate the router on a separate administrative VLAN with restricted access. Monitor for suspicious HTTP POST requests to /boafrm/formNtp with unusually long submit-url parameters.

Priority Score

64
Low Medium High Critical
KEV: 0
EPSS: +0.4
CVSS: +44
POC: +20

Share

CVE-2025-6143 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy