Stack-Based Buffer Overflow in TOTOLINK EX1800T Router
CVE-2025-2097
8.7HIGH
Key Information:
Badges
👾 Exploit Exists🟡 Public PoC
Summary
A vulnerability exists in the TOTOLINK EX1800T router's cstecgi.cgi file, specifically in the setRptWizardCfg function. This security flaw can be exploited remotely through a manipulated loginpass argument, leading to a stack-based buffer overflow. Once exploited, the vulnerability poses a risk to the integrity and security of the affected device. Immediate action is recommended to mitigate potential attacks.
Affected Version(s)
EX1800T 9.1.0cu.2112_B20220316
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
selph (VulDB User)