Stack-Based Buffer Overflow in TOTOLINK EX1800T Router
CVE-2025-2097

8.7HIGH

Key Information:

Vendor: Totolink
Status: Ex1800t
Vendor: CVE Published:; 7 March 2025

Badges

👾 Exploit Exists

What is CVE-2025-2097?

A vulnerability exists in the TOTOLINK EX1800T router's cstecgi.cgi file, specifically in the setRptWizardCfg function. This security flaw can be exploited remotely through a manipulated loginpass argument, leading to a stack-based buffer overflow. Once exploited, the vulnerability poses a risk to the integrity and security of the affected device. Immediate action is recommended to mitigate potential attacks.

Affected Version(s)

EX1800T 9.1.0cu.2112_B20220316

References

https://vuldb.com/?id.298955

vdb-entrytechnical-description

https://vuldb.com/?ctiid.298955

signaturepermissions-required

https://vuldb.com/?submit.515326

third-party-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Mar 7, 2025
Vulnerability published
Mar 7, 2025
Vulnerability Reserved
Mar 7, 2025

Credit

selph (VulDB User)

Totolink

Badges

What is CVE-2025-2097?

Affected Version(s)

References

CVSS V4

Timeline

Credit