Remote Command Execution Vulnerability in TOTOLINK EX1200T Router
CVE-2025-28038

9.8CRITICAL

Key Information:

Vendor: TOTOLINK
Status: EX1200T
Vendor: CVE Published:; 22 April 2025

Summary

A pre-authentication remote command execution vulnerability exists in the TOTOLINK EX1200T router, specifically within the setWebWlanIdx function via the webWlanIdx parameter. This flaw allows attackers to execute arbitrary commands, potentially compromising the device's integrity and leading to unauthorized control. Users are advised to monitor their devices and apply necessary updates to safeguard against potential exploits.

References

https://locrian-lightning-dc7.notion.site/RCE1-1ad8e5e2b1...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 22, 2025
Vulnerability Reserved
Mar 11, 2025