What is the CVSS score of CVE-2025-6302?

CVE-2025-6302 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.2%.

Which versions of Ex1200t Firmware are affected by CVE-2025-6302?

A critical remote code execution vulnerability affecting TOTOLINK EX1200T routers (CVE-2025-6302) has been publicly disclosed with working exploits available.

Is there a public PoC exploit available for CVE-2025-6302?

Yes, a public proof-of-concept exploit is available for CVE-2025-6302. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2025-6302?

Within 24 hours: Identify all TOTOLIK EX1200T 4.1.2cu.5232_B20210713 devices in your network and isolate them from critical systems or production networks if possible. Within 7 days: Implement network-based access controls to restrict external access to the vulnerable CGI endpoint (/cgi-bin/cstecgi.cgi) and monitor for exploitation attempts. Within 30 days: Contact TOTOLINK for patch availability; evaluate replacement with alternative devices from vendors with active security support if patches are not forthcoming.

Ex1200t Firmware CVE-2025-6302

EUVD-2025-18714 HIGH

Buffer Overflow (CWE-119)

2025-06-20 cna@vuldb.com

Buffer Overflow TP-Link Ex1200t Firmware TOTOLINK

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 00:19 euvd

EUVD-2025-18714

Analysis Generated

Mar 15, 2026 - 00:19 vuln.today

PoC Detected

Jul 02, 2025 - 17:40 vuln.today

Public exploit code

CVE Published

Jun 20, 2025 - 03:15 nvd

HIGH 8.8

DescriptionNVD

A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is the function setStaticDhcpConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Comment leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

CVE-2025-6302 is a critical stack-based buffer overflow vulnerability in TOTOLINK EX1200T router firmware version 4.1.2cu.5232_B20210713, specifically in the setStaticDhcpConfig function of /cgi-bin/cstecgi.cgi. An authenticated attacker can exploit this by sending a malicious Comment parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code has been disclosed, making this actively exploitable.

Technical ContextAI

The vulnerability exists in the CGI binary interface (/cgi-bin/cstecgi.cgi) of TOTOLINK's embedded router firmware, which handles DHCP configuration via the setStaticDhcpConfig function. The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), specifically a stack-based buffer overflow where user-supplied input in the 'Comment' parameter is not properly validated before being written to a fixed-size stack buffer. This is typical of legacy embedded device firmware written in C without modern memory safety protections. The affected CPE would be cpe:2.3:o:totolink:ex1200t_firmware:4.1.2cu.5232_b20210713:*:*:*:*:*:*:*. The vulnerability affects the HTTP/HTTPS interface commonly found on residential and small-business routers.