Stack-Based Buffer Overflow Vulnerability in TOTOLINK EX1800T Devices
CVE-2025-2369

9.8CRITICAL

Key Information:

Vendor: TOTOLINK
Status: EX1800T
Vendor: CVE Published:; 17 March 2025

What is CVE-2025-2369?

A stack-based buffer overflow vulnerability exists in the TOTOLINK EX1800T, specifically within the setPasswordCfg function found in /cgi-bin/cstecgi.cgi. This flaw is triggered by manipulating the admpass argument, allowing an attacker to remotely exploit the vulnerability. The exploit has been publicly disclosed, raising concerns for users of affected versions of the device. Immediate action is advisable to mitigate potential risks associated with this vulnerability.

References

https://github.com/kn0sky/cve/blob/main/TOTOLINK%20EX1800...

https://vuldb.com/?ctiid.299868

https://vuldb.com/?id.299868

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 17, 2025

CVE-2025-2369 Data

JSON