Severity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Adjacent-network reachability to the web UI, no auth or interaction on the login endpoint, and root-level RCE yield full CIA impact; scope unchanged since impact stays within the device OS.
Primary rating from Vendor (CERT-PL).
CVSS VectorVendor: CERT-PL
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
Totolink EX1200L router is vulnerable to Buffer Overflow in the login functionality in cgi-bin/cstecgi.cgi endpoint. This vulnerability could be exploited to cause the program to crash and to execute code remotely. This allows the attacker to perform actions as root including reading and editing data, as well as bricking the router.
Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 9.3.5u.6146_B20201023 but may also affect other versions.
AnalysisAI
Stack-based buffer overflow in the Totolink EX1200L router's login handler (cgi-bin/cstecgi.cgi) allows remote attackers on the adjacent network to crash the device or execute arbitrary code as root. Confirmed on firmware 9.3.5u.6146_B20201023 with no public exploit identified at time of analysis, but vendor contact attempts by CERT-PL were unsuccessful so no patch is available. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Attacker must reach the EX1200L web administration service on /cgi-bin/cstecgi.cgi from the adjacent network (CVSS AV:A) - typically the same Wi-Fi SSID or wired LAN segment as the router - and no credentials or user interaction are required (PR:N/UI:N). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | All available signals point to high real-world risk where the device is exposed: CVSS 4.0 of 9.4 with AV:A, AC:L, PR:N, UI:N indicates a trivially triggered unauthenticated overflow, and the VC/VI/VA:H plus SC/SI/SA:H impacts confirm root-level compromise that can pivot into the LAN. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has joined the same Wi-Fi network as the EX1200L (for example via a guest SSID, a cracked WPA2 key, or a compromised LAN host) sends an oversized login parameter to /cgi-bin/cstecgi.cgi, overflowing a stack buffer and either crashing the device or executing a MIPS/ARM payload as root. With root on the router the attacker can sniff and modify all traffic, pivot to internal hosts, install persistent implants, or brick the unit. … |
| Remediation | No vendor-released patch identified at time of analysis - Totolink did not respond to CERT-PL's coordinated disclosure attempts, so monitor https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/217/ids/36.html for an updated firmware image newer than 9.3.5u.6146_B20201023 and apply it once published. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Inventory all Totolik EX1200L devices running firmware 9.3.5u.6146_B20201023 and segregate affected routers to isolated VLANs if possible. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38425
GHSA-7mjx-95cj-9wpm