Ex1200L
Monthly
Stack-based buffer overflow in the Totolink EX1200L router's login handler (cgi-bin/cstecgi.cgi) allows remote attackers on the adjacent network to crash the device or execute arbitrary code as root. Confirmed on firmware 9.3.5u.6146_B20201023 with no public exploit identified at time of analysis, but vendor contact attempts by CERT-PL were unsuccessful so no patch is available. CVSS 4.0 of 9.4 reflects unauthenticated exploitation with full impact on both the device and downstream systems.
Stack-based buffer overflow in the Totolink EX1200L router's login handler (cgi-bin/cstecgi.cgi) allows remote attackers on the adjacent network to crash the device or execute arbitrary code as root. Confirmed on firmware 9.3.5u.6146_B20201023 with no public exploit identified at time of analysis, but vendor contact attempts by CERT-PL were unsuccessful so no patch is available. CVSS 4.0 of 9.4 reflects unauthenticated exploitation with full impact on both the device and downstream systems.