CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
A vulnerability classified as critical was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Analysis
Critical buffer overflow vulnerability in TOTOLINK EX1200T routers (firmware versions up to 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler at the /boafrm/formFilter endpoint. An authenticated remote attacker can exploit this vulnerability to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has been publicly disclosed with exploit code available, creating immediate risk for deployed devices.
Technical Context
This vulnerability resides in the HTTP POST request handler component of TOTOLINK's web management interface, specifically the /boafrm/formFilter endpoint. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), which encompasses classic buffer overflow conditions where input data exceeds allocated buffer boundaries without proper bounds checking. The affected component likely parses form filter parameters without validating input length, allowing attackers to overflow adjacent memory regions. The vulnerability chain involves the web server processing POST requests, passing unsanitized form parameters to a vulnerable filter function that performs unsafe string or buffer operations. This is a network-facing, authenticated attack vector against the device's management interface.
Affected Products
TOTOLINK EX1200T (WiFi router/access point) firmware versions up to and including 4.1.2cu.5232_B20210713. The CPE would be approximated as: cpe:2.3:o:totolink:ex1200t_firmware:*:*:*:*:*:*:*:* (versions <=4.1.2cu.5232_B20210713). Additionally affected: cpe:2.3:h:totolink:ex1200t:*:*:*:*:*:*:*:*. No advisory links are provided in the disclosed data, but remediation requires checking TOTOLINK's official support portal for the EX1200T product line. Users should verify their current firmware version via the device's web interface (typically System Settings > Firmware Version).
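To check an inventory of EX1200T units against the affected range stated above, the following is an added example (not part of the original advisory or any TOTOLINK tooling). It assumes the firmware string has the layout `[V]<major>.<minor>.<patch><tag>.<build>_B<YYYYMMDD>` and that builds order by version, then build number, then date; the hosts and the non-advisory version strings are constructed samples.

```python
import re

# Last affected build named in the advisory text.
LAST_AFFECTED = "4.1.2cu.5232_B20210713"

# Assumed layout: [V]<major>.<minor>.<patch><tag>.<build>_B<YYYYMMDD>
_FW_RE = re.compile(r"^V?(\d+)\.(\d+)\.(\d+)[a-z]*\.(\d+)_B(\d{8})$", re.IGNORECASE)


def parse_firmware(version):
    """Return a sortable key ((major, minor, patch), build, date), or None."""
    m = _FW_RE.match(version.strip())
    if not m:
        return None
    major, minor, patch, build, date = (int(g) for g in m.groups())
    return ((major, minor, patch), build, date)


def classify(version):
    """Classify one firmware string against the advisory's affected range.

    'affected'      : at or below the last affected build
    'outside_range' : newer than the advisory range (the advisory names no
                      fixed version, so this is not proof of a patch)
    'unknown'       : string did not parse; check the device by hand
    """
    key = parse_firmware(version)
    if key is None:
        return "unknown"
    return "affected" if key <= parse_firmware(LAST_AFFECTED) else "outside_range"


def triage(inventory):
    """Group a {host: firmware_string} mapping by classification."""
    result = {"affected": [], "outside_range": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        result[classify(version)].append(host)
    return result


# Constructed inventory; hosts use the RFC 5737 documentation range.
SAMPLE = {
    "192.0.2.10": "V4.1.2cu.5232_B20210713",  # the build named in the advisory
    "192.0.2.11": "4.1.2cu.5215_B20210101",   # constructed older build
    "192.0.2.12": "4.1.2cu.5300_B20220101",   # constructed newer build
    "192.0.2.13": "unknown-build",            # unparseable entry
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` should be treated as affected until the version is read from the device's web interface.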
Remediation
Immediate actions:
(1) Check for firmware updates on TOTOLINK's official website or the EX1200T management interface (System > Firmware Upgrade). Upgrade to a version released after 2021-07-13 if available.
(2) If no patched firmware exists for legacy EX1200T units, implement network-level mitigations: restrict access to the web management interface (port 80/443) to trusted internal networks only via firewall rules; disable remote management if enabled (Administration > Remote Management).
(3) Change default/weak administrative credentials to strong, unique passwords (Administration > System Settings > Password).
(4) Disable UPnP if not required (Network > UPnP).
(5) Consider replacing end-of-life TOTOLINK devices with vendor-supported alternatives that receive regular security updates.
Monitor TOTOLINK's security advisories and firmware release notes for official patches; contact TOTOLINK support if no patch is available for your device model.
EUVD-2025-17614