What is the CVSS score of CVE-2025-6144?

CVE-2025-6144 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.6%.

Which versions of Ex1200t Firmware are affected by CVE-2025-6144?

A critical remote code execution vulnerability affecting TOTOLINK EX1200T routers has been publicly disclosed with working exploits available.

Is there a public PoC exploit available for CVE-2025-6144?

Yes, a public proof-of-concept exploit is available for CVE-2025-6144. Prioritise patching immediately. EPSS: 0.6%.

How to fix or mitigate CVE-2025-6144?

Within 24 hours: Identify all TOTOLIK EX1200T 4.1.2cu.5232_B20210713 devices on your network and isolate them from critical systems if possible; enable enhanced monitoring for exploitation attempts. Within 7 days: Contact TOTOLINK for patch availability and timeline; implement network segmentation to restrict access to affected devices; configure firewall rules to block external HTTP POST requests to /boafrm/formSysCmd. Within 30 days: Deploy patches immediately upon release; if no patch materializes, evaluate device replacement or decommissioning.

Ex1200t Firmware CVE-2025-6144

EUVD-2025-18424 HIGH

Buffer Overflow (CWE-119)

2025-06-16 cna@vuldb.com

Buffer Overflow TP-Link RCE Ex1200t Firmware TOTOLINK

8.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.8 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 21:59 euvd

EUVD-2025-18424

Analysis Generated

Mar 14, 2026 - 21:59 vuln.today

PoC Detected

Jun 23, 2025 - 19:29 vuln.today

Public exploit code

CVE Published

Jun 16, 2025 - 23:15 nvd

HIGH 8.8

DescriptionCVE.org

A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formSysCmd of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (firmware version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler at endpoint /boafrm/formSysCmd. An authenticated remote attacker can exploit this vulnerability by manipulating the 'submit-url' parameter to achieve buffer overflow, resulting in complete system compromise including confidentiality, integrity, and availability breaches. The vulnerability has been publicly disclosed with exploit code available, increasing real-world exploitation risk.

Technical ContextAI

This vulnerability exists in the HTTP POST request handler component of the TOTOLINK EX1200T router's web management interface. The affected endpoint /boafrm/formSysCmd processes user-supplied input via the 'submit-url' parameter without proper bounds checking, triggering CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer). The router firmware 4.1.2cu.5232_B20210713 contains insufficient input validation in the form submission handler, allowing attackers to write beyond allocated buffer boundaries. This is a classic buffer overflow vulnerability in embedded device firmware where legacy C-based code often lacks modern memory safety protections. The vulnerability affects CPE: cpe:2.3:o:totolink:ex1200t_firmware:4.1.2cu.5232_b20210713:*:*:*:*:*:*:*

CVE-2025-6144 vulnerability details – vuln.today

Back

Ex1200t Firmware CVE-2025-6144

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Share

External POC / Exploit Code