Login Bypass in TOTOLINK EX1200T Router by TOTOLINK
CVE-2021-42887

9.8CRITICAL

Key Information:

Vendor: Totolink
Status: Ex1200t Firmware
Vendor: CVE Published:; 3 June 2022

What is CVE-2021-42887?

The TOTOLINK EX1200T router contains a vulnerability that allows an attacker to bypass authentication completely. By sending a specially crafted request to the router's formLoginAuth.htm endpoint, an unauthorized user can gain access without providing valid login credentials. This poses a significant risk to network integrity and security, as it could allow attackers to manipulate the device settings, intercept data, or perform further attacks on the local network.

References

https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_l...

x_refsource_MISC

EPSS Score

61% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 3, 2022
Vulnerability Reserved
Oct 25, 2021

JSON

Totolink

What is CVE-2021-42887?

References

EPSS Score

CVSS V3.1

Timeline