CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Analysis
Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (firmware version 4.1.2cu.5232_B20210713) affecting the /boafrm/formSysLog HTTP POST handler. An authenticated attacker can exploit improper input validation on the 'submit-url' parameter to achieve buffer overflow, leading to remote code execution with complete system compromise (confidentiality, integrity, and availability impact). Public exploit code is available, and the vulnerability affects a widely deployed consumer networking device.
Technical Context
The vulnerability exists in the HTTP POST request handler of TOTOLINK's proprietary firmware, specifically in the /boafrm/formSysLog endpoint. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), indicating a classic buffer overflow due to insufficient bounds checking. The 'submit-url' parameter is processed without proper length validation before being written to a stack or heap buffer, allowing an attacker to overflow adjacent memory. TOTOLINK EX1200T is a dual-band 802.11ac wireless router commonly deployed in SOHO and small enterprise environments. The firmware parsing and web interface are likely implemented in C/C++ without modern memory safety protections. CPE identifier: cpe:2.3:o:totolink:ex1200t_firmware:4.1.2cu.5232_b20210713:*:*:*:*:*:*:*
Affected Products
TOTOLINK EX1200T firmware version 4.1.2cu.5232_B20210713 and likely earlier versions in the 4.1.2cu series. The EX1200T is a dual-band AC1200 router model. Potentially affected: any device running firmware builds from the 4.1.2cu lineage prior to patched releases (if available). No vendor advisory URLs are provided in the CVE record; TOTOLINK's advisory/support page should be checked for firmware release notes and patch availability. Legacy/EOL status of this device is likely—TOTOLINK has not widely published security bulletins, suggesting limited vendor support. Affected CPE: cpe:2.3:h:totolink:ex1200t:*:*:*:*:*:*:*:*
Remediation
Immediate actions:
(1) Identify all TOTOLINK EX1200T devices in your environment, particularly those exposed to untrusted networks.
(2) Check TOTOLINK's official website and support portal for firmware updates released after 4.1.2cu.5232_B20210713.
(3) If no patch is available from the vendor (likely given the device's age), consider: network segmentation to restrict unauthenticated access to the management interface (restrict /boafrm/* paths via firewall), disabling remote management (WAN access to the web UI), enforcing strong authentication, or replacing the hardware with a product from a vendor offering active security support.
(4) Monitor device logs and network traffic for exploitation attempts targeting /boafrm/formSysLog with large submit-url parameter values.
(5) If patched firmware exists, validate its integrity via checksum/signature before deployment.
Workaround: Firewall rules blocking POST requests to /boafrm/formSysLog from untrusted sources; however, authenticated attackers on the internal network may still be able to exploit the flaw.
EUVD-2025-18426