How to fix EUVD-2025-18424?

Within 24 hours: Identify all TOTOLIK EX1200T 4.1.2cu.5232_B20210713 devices on your network and isolate them from critical systems if possible; enable enhanced monitoring for exploitation attempts. Within 7 days: Contact TOTOLINK for patch availability and timeline; implement network segmentation to restrict access to affected devices; configure firewall rules to block external HTTP POST requests to /boafrm/formSysCmd. Within 30 days: Deploy patches immediately upon release; if no patch materializes, evaluate device replacement or decommissioning.

Is Ex1200t Firmware affected by EUVD-2025-18424?

A critical remote code execution vulnerability affecting TOTOLINK EX1200T routers has been publicly disclosed with working exploits available. Organizations using this device model are at immediate risk of unauthorized access and network compromise without vendor remediation.

EUVD-2025-18424

| CVE-2025-6144 HIGH

2025-06-16 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 21:59 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 21:59 euvd

EUVD-2025-18424

PoC Detected

Jun 23, 2025 - 19:29 vuln.today

Public exploit code

CVE Published

Jun 16, 2025 - 23:15 nvd

HIGH 8.8

Description

A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formSysCmd of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Analysis

Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (firmware version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler at endpoint /boafrm/formSysCmd. An authenticated remote attacker can exploit this vulnerability by manipulating the 'submit-url' parameter to achieve buffer overflow, resulting in complete system compromise including confidentiality, integrity, and availability breaches. The vulnerability has been publicly disclosed with exploit code available, increasing real-world exploitation risk.

Technical Context

This vulnerability exists in the HTTP POST request handler component of the TOTOLINK EX1200T router's web management interface. The affected endpoint /boafrm/formSysCmd processes user-supplied input via the 'submit-url' parameter without proper bounds checking, triggering CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer). The router firmware 4.1.2cu.5232_B20210713 contains insufficient input validation in the form submission handler, allowing attackers to write beyond allocated buffer boundaries. This is a classic buffer overflow vulnerability in embedded device firmware where legacy C-based code often lacks modern memory safety protections. The vulnerability affects CPE: cpe:2.3:o:totolink:ex1200t_firmware:4.1.2cu.5232_b20210713:*:*:*:*:*:*:*

Affected Products

EX1200T (['4.1.2cu.5232_B20210713'])

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.6

CVSS: +44

POC: +20

EUVD-2025-18424 vulnerability details – vuln.today

Back

EUVD-2025-18424

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

EUVD-2025-18424

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

External POC / Exploit Code