How to fix CVE-2025-6302?

Within 24 hours: Identify all TOTOLIK EX1200T 4.1.2cu.5232_B20210713 devices in your network and isolate them from critical systems or production networks if possible. Within 7 days: Implement network-based access controls to restrict external access to the vulnerable CGI endpoint (/cgi-bin/cstecgi.cgi) and monitor for exploitation attempts. Within 30 days: Contact TOTOLINK for patch availability; evaluate replacement with alternative devices from vendors with active security support if patches are not forthcoming.

Is Ex1200t Firmware affected by CVE-2025-6302?

A critical remote code execution vulnerability affecting TOTOLINK EX1200T routers (CVE-2025-6302) has been publicly disclosed with working exploits available.

CVE-2025-6302

EUVD-2025-18714 HIGH

2025-06-20 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 15, 2026 - 00:19 vuln.today

EUVD ID Assigned

Mar 15, 2026 - 00:19 euvd

EUVD-2025-18714

PoC Detected

Jul 02, 2025 - 17:40 vuln.today

Public exploit code

CVE Published

Jun 20, 2025 - 03:15 nvd

HIGH 8.8

Description

A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is the function setStaticDhcpConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Comment leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Analysis

CVE-2025-6302 is a critical stack-based buffer overflow vulnerability in TOTOLINK EX1200T router firmware version 4.1.2cu.5232_B20210713, specifically in the setStaticDhcpConfig function of /cgi-bin/cstecgi.cgi. An authenticated attacker can exploit this by sending a malicious Comment parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code has been disclosed, making this actively exploitable.

Technical Context

The vulnerability exists in the CGI binary interface (/cgi-bin/cstecgi.cgi) of TOTOLINK's embedded router firmware, which handles DHCP configuration via the setStaticDhcpConfig function. The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), specifically a stack-based buffer overflow where user-supplied input in the 'Comment' parameter is not properly validated before being written to a fixed-size stack buffer. This is typical of legacy embedded device firmware written in C without modern memory safety protections. The affected CPE would be cpe:2.3:o:totolink:ex1200t_firmware:4.1.2cu.5232_b20210713:*:*:*:*:*:*:*. The vulnerability affects the HTTP/HTTPS interface commonly found on residential and small-business routers.

Affected Products

EX1200T (['4.1.2cu.5232_B20210713'])

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.2

CVSS: +44

POC: +20

CVE-2025-6302 vulnerability details – vuln.today

Back

CVE-2025-6302

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

CVE-2025-6302

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

External POC / Exploit Code