How to fix EUVD-2025-17613?

Within 24 hours: Audit all network infrastructure to identify and inventory any TOTOLIK EX1200T devices in use; isolate affected devices to a segregated network segment if removal is not immediately possible. Within 7 days: Contact TOTOLINK for patch availability status and timeline; implement compensating controls listed below; begin procurement of replacement routers from alternative vendors. Within 30 days: Complete replacement of all vulnerable TOTOLINK EX1200T units with patched or alternative hardware; validate remediation across all network segments.

Is Ex1200t Firmware affected by EUVD-2025-17613?

A critical buffer overflow vulnerability in TOTOLINK EX1200T routers (versions up to 4.1.2cu.5232_B20210713) allows remote attackers to execute arbitrary code without authentication.

EUVD-2025-17613

| CVE-2025-5908 HIGH

2025-06-10 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 19:49 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 19:49 euvd

EUVD-2025-17613

PoC Detected

Jun 16, 2025 - 17:21 vuln.today

Public exploit code

CVE Published

Jun 10, 2025 - 01:15 nvd

HIGH 8.8

Description

A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Analysis

Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless routers (up to version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler for the /boafrm/formIpQoS endpoint. An authenticated remote attacker can exploit this vulnerability to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability). The exploit has been publicly disclosed and proof-of-concept code is available, making this a high-priority threat for affected deployments.

Technical Context

This vulnerability exists in the HTTP POST request handler component of TOTOLINK's web management interface, specifically in the /boafrm/formIpQoS endpoint. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic buffer overflow condition where user-supplied input via HTTP POST parameters is not properly validated before being copied into a fixed-size buffer. The vulnerable code processes Quality of Service (QoS) configuration parameters without adequate bounds checking. TOTOLINK EX1200T (CPE: cpe:2:3:totolink:ex1200t:*:*:*:*:*:*:*:*) is a dual-band AC1200 wireless router commonly deployed in small office and home office (SOHO) environments. The affected versions through 4.1.2cu.5232_B20210713 lack proper input sanitization in the firmware's embedded web server (likely BOA or similar lightweight HTTP daemon, indicated by the 'boafrm' path prefix).

Affected Products

EX1200T (up to 4.1.2cu.5232_B20210713)

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.4

CVSS: +44

POC: +20

EUVD-2025-17613 vulnerability details – vuln.today

Back

EUVD-2025-17613

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

EUVD-2025-17613

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

External POC / Exploit Code