Remote Command Execution Vulnerability in TOTOLINK EX1200T Router
CVE-2025-28038

9.8CRITICAL

Key Information:

Vendor: TOTOLINK
Status: EX1200T
Vendor: CVE Published:; 22 April 2025

What is CVE-2025-28038?

A pre-authentication remote command execution vulnerability exists in the TOTOLINK EX1200T router, specifically within the setWebWlanIdx function via the webWlanIdx parameter. This flaw allows attackers to execute arbitrary commands, potentially compromising the device's integrity and leading to unauthorized control. Users are advised to monitor their devices and apply necessary updates to safeguard against potential exploits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://locrian-lightning-dc7.notion.site/RCE1-1ad8e5e2b1...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 22, 2025
Vulnerability Reserved
Mar 11, 2025

JSON

TOTOLINK

What is CVE-2025-28038?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.