Stack-Based Buffer Overflow Vulnerability in TOTOLINK EX1800T Devices
CVE-2025-2369

8.8HIGH

Key Information:

Vendor: TOTOLINK
Status: EX1800T
Vendor: CVE Published:; 17 March 2025

Summary

A stack-based buffer overflow vulnerability exists in the TOTOLINK EX1800T, specifically within the setPasswordCfg function found in /cgi-bin/cstecgi.cgi. This flaw is triggered by manipulating the admpass argument, allowing an attacker to remotely exploit the vulnerability. The exploit has been publicly disclosed, raising concerns for users of affected versions of the device. Immediate action is advisable to mitigate potential risks associated with this vulnerability.

References

https://github.com/kn0sky/cve/blob/main/TOTOLINK%20EX1800...

https://vuldb.com/?ctiid.299868

https://vuldb.com/?id.299868

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 17, 2025