EUVD-2025-18419

CVE-2025-6129 HIGH
2025-06-16 [email protected]
CVSS 3.1: 8.8

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 14, 2026 - 21:59 (vuln.today)
EUVD ID Assigned: Mar 14, 2026 - 21:59 (euvd), EUVD-2025-18419
PoC Detected: Jul 02, 2025 - 17:40 (vuln.today), public exploit code
CVE Published: Jun 16, 2025 - 16:15 (nvd), HIGH 8.8

Description

A vulnerability classified as critical was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This vulnerability affects unknown code of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Analysis

Critical buffer overflow vulnerability in TOTOLINK EX1200T firmware version 4.1.2cu.5232_B20210713 affecting the HTTP POST request handler in the /boafrm/formSaveConfig endpoint. An authenticated remote attacker can exploit improper input validation on the 'submit-url' parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code exists, increasing real-world exploitation risk.

Technical Context

The vulnerability exists in the HTTP POST request handling component (specifically the formSaveConfig function) of TOTOLINK's firmware, which processes user-supplied input from the 'submit-url' parameter without adequate bounds checking. This is a classic CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) stack or heap-based buffer overflow. The affected device is a wireless router/mesh networking device (EX1200T model), and the vulnerability stems from unsafe string operations (likely strcpy, sprintf, or similar C library functions) that do not validate input length before copying to fixed-size buffers. The HTTP POST handler runs with elevated privileges as part of the router's web management interface, allowing authenticated users to write beyond allocated memory boundaries and potentially overwrite function pointers, return addresses, or other critical data structures to achieve code execution.

Affected Products

TOTOLINK EX1200T, firmware version 4.1.2cu.5232_B20210713. Likely affected CPE: cpe:2.3:o:totolink:ex1200t_firmware:4.1.2cu.5232_b20210713:*:*:*:*:*:*:*. The EX1200T is a dual-band mesh/range extender Wi-Fi device commonly deployed in small office and home office (SOHO) environments. Other TOTOLINK models with similar firmware architecture may be affected; firmware versions before and up to the patched version should be considered vulnerable. No vendor advisories or patch status are provided in the source data; check TOTOLINK's official security bulletin or support portal for affected firmware versions and available updates.

Remediation

Immediate actions:
(1) Identify and inventory all TOTOLINK EX1200T devices in your environment, specifically those running firmware 4.1.2cu.5232_B20210713 or potentially earlier versions with identical vulnerable code.
(2) Check TOTOLINK's official website (typically support.totolink.com or equivalent) for security patches and firmware updates.
(3) If patches are available, apply them urgently via the device's web interface or firmware update mechanism, ensuring stable power and network connectivity during updates.
(4) Interim mitigations if patches are unavailable:
    (a) restrict HTTP/HTTPS access to the device's management interface to trusted IP addresses only, using firewall rules or device ACLs;
    (b) disable remote management features if available;
    (c) change default/weak administrative credentials to strong, unique passwords;
    (d) isolate vulnerable devices on restricted VLANs with minimal trust.
(5) Monitor device logs for suspicious POST requests to /boafrm/formSaveConfig with unusual submit-url parameter values.

Long-term: evaluate replacement with devices from vendors with more reliable security patching practices.
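One way to implement the monitoring in step (5), as an added example (not code from vuln.today or TOTOLINK). It assumes raw HTTP requests to the management interface are captured by a proxy or sensor in front of the device; the length threshold, the sample requests, and the other paths used in them are constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/boafrm/formSaveConfig"  # endpoint named in the advisory
PARAM = "submit-url"                    # parameter named in the advisory
MAX_LEN = 128  # assumed threshold; tune to the longest value your own UI sends

def parse_request(raw: bytes):
    """Split a captured HTTP/1.x request into (method, path, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    parts = request_line.split(" ")
    if len(parts) != 3:
        return None  # not a well-formed request line
    method, target, _version = parts
    return method.upper(), urlsplit(target).path, body

def check_request(raw: bytes):
    """Return findings for one request; an empty list means nothing flagged."""
    parsed = parse_request(raw)
    if parsed is None:
        return []
    method, path, body = parsed
    if method != "POST" or path != TARGET_PATH:
        return []
    fields = parse_qs(body.decode("latin-1"), keep_blank_values=True)
    findings = []
    for value in fields.get(PARAM, []):
        if len(value) > MAX_LEN:
            findings.append(f"{PARAM} length {len(value)} exceeds {MAX_LEN}")
        if any(ord(c) < 0x20 or ord(c) > 0x7E for c in value):
            findings.append(f"{PARAM} contains non-printable bytes")
    return findings

# Constructed sample requests (not real traffic, not the public PoC).
HEADERS = (b"Host: 192.0.2.1\r\n"
           b"Content-Type: application/x-www-form-urlencoded\r\n\r\n")
NORMAL = (b"POST /boafrm/formSaveConfig HTTP/1.1\r\n" + HEADERS
          + b"submit-url=%2Fpage.htm")
OVERSIZED = (b"POST /boafrm/formSaveConfig HTTP/1.1\r\n" + HEADERS
             + b"submit-url=" + b"A" * 600)
OTHER_PATH = (b"POST /index.html HTTP/1.1\r\n" + HEADERS
              + b"submit-url=" + b"A" * 600)

if __name__ == "__main__":
    for name, req in [("normal", NORMAL), ("oversized", OVERSIZED),
                      ("other-path", OTHER_PATH)]:
        print(name, check_request(req) or "ok")
```
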

Priority Score

65
KEV: 0
EPSS: +0.6
CVSS: +44
POC: +20
