Skip to main content

Totolink EX1200L CVE-2026-44089

| EUVDEUVD-2026-38425 CRITICAL
Stack-based Buffer Overflow (CWE-121)
2026-06-23 CERT-PL GHSA-7mjx-95cj-9wpm
9.4
CVSS 4.0 · Vendor: CERT-PL
Share

Severity by source

Vendor (CERT-PL) PRIMARY
9.4 CRITICAL
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.8 HIGH

Adjacent-network reachability to the web UI, no auth or interaction on the login endpoint, and root-level RCE yield full CIA impact; scope unchanged since impact stays within the device OS.

3.1 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (CERT-PL).

CVSS VectorVendor: CERT-PL

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 23, 2026 - 13:01 vuln.today

DescriptionCVE.org

Totolink EX1200L router is vulnerable to Buffer Overflow in the login functionality in cgi-bin/cstecgi.cgi endpoint. This vulnerability could be exploited to cause the program to crash and to execute code remotely. This allows the attacker to perform actions as root including reading and editing data, as well as bricking the router.

Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 9.3.5u.6146_B20201023 but may also affect other versions.

AnalysisAI

Stack-based buffer overflow in the Totolink EX1200L router's login handler (cgi-bin/cstecgi.cgi) allows remote attackers on the adjacent network to crash the device or execute arbitrary code as root. Confirmed on firmware 9.3.5u.6146_B20201023 with no public exploit identified at time of analysis, but vendor contact attempts by CERT-PL were unsuccessful so no patch is available. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Join adjacent Wi-Fi or LAN segment
Delivery
Locate EX1200L web interface
Exploit
Send oversized login parameter to cstecgi.cgi
Execution
Overflow stack buffer in login handler
Persist
Hijack control flow as root
Impact
Pivot to LAN or brick device

Vulnerability AssessmentAI

Exploitation Attacker must reach the EX1200L web administration service on /cgi-bin/cstecgi.cgi from the adjacent network (CVSS AV:A) - typically the same Wi-Fi SSID or wired LAN segment as the router - and no credentials or user interaction are required (PR:N/UI:N). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment All available signals point to high real-world risk where the device is exposed: CVSS 4.0 of 9.4 with AV:A, AC:L, PR:N, UI:N indicates a trivially triggered unauthenticated overflow, and the VC/VI/VA:H plus SC/SI/SA:H impacts confirm root-level compromise that can pivot into the LAN. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has joined the same Wi-Fi network as the EX1200L (for example via a guest SSID, a cracked WPA2 key, or a compromised LAN host) sends an oversized login parameter to /cgi-bin/cstecgi.cgi, overflowing a stack buffer and either crashing the device or executing a MIPS/ARM payload as root. With root on the router the attacker can sniff and modify all traffic, pivot to internal hosts, install persistent implants, or brick the unit. …
Remediation No vendor-released patch identified at time of analysis - Totolink did not respond to CERT-PL's coordinated disclosure attempts, so monitor https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/217/ids/36.html for an updated firmware image newer than 9.3.5u.6146_B20201023 and apply it once published. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Inventory all Totolik EX1200L devices running firmware 9.3.5u.6146_B20201023 and segregate affected routers to isolated VLANs if possible. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-44089 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy