CVE-2025-5792
BaseFortify
Publication date: 2025-06-06
Last updated on: 2025-06-12
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| totolink | ex1200t_firmware | 4.1.2cu.5232_b20210713 |
| totolink | ex1200t | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a critical buffer overflow in the TOTOLINK EX1200T router firmware version 4.1.2cu.5232_B20210713. It occurs in the HTTP POST request handler at the /boafrm/formWlanRedirect endpoint. Specifically, when the 'redirect-url' parameter is manipulated with crafted input that exceeds the buffer size, it causes a buffer overflow because the input size is not properly checked before copying to an output buffer. This flaw can be exploited remotely without authentication. [1, 2]
How can this vulnerability impact me? :
The vulnerability can impact you by compromising the confidentiality, integrity, and availability of the affected device. An attacker can remotely exploit this flaw to cause a denial of service (DoS) condition, potentially disrupting network connectivity or device operation. Since the exploit is publicly available and easy to perform, it poses a significant security risk. No known mitigations currently exist, so the recommended action is to replace the affected product. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP POST requests to the endpoint /boafrm/formWlanRedirect on the TOTOLINK EX1200T router. Specifically, look for suspicious or unusually large payloads in the redirect-url parameter that could indicate an attempt to exploit the buffer overflow. Network intrusion detection systems (NIDS) can be configured to alert on POST requests to this endpoint. Additionally, manual inspection or use of tools like curl or wget can be used to test the endpoint for abnormal behavior. Example command to test the endpoint: curl -X POST http://<router-ip>/boafrm/formWlanRedirect -d "redirect-url=<test_payload>". Replace <test_payload> with crafted input to check for abnormal responses or crashes. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include discontinuing use of the affected TOTOLINK EX1200T router firmware version 4.1.2cu.5232_B20210713, as no known countermeasures or patches currently exist. It is recommended to replace the affected device with an alternative product. Additionally, restrict or block HTTP POST requests to the /boafrm/formWlanRedirect endpoint at the network perimeter or firewall to prevent exploitation attempts. Monitoring network traffic for suspicious activity targeting this endpoint is also advised. [2]