CVE-2025-1852Improper Restriction of Operations within the Bounds of a Memory Buffer in Ex1800t

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-120Classic Buffer OverflowCWE-476NULL Pointer Dereference4 documents4 sources
Severity
8.7HIGHNVD
EPSS
0.3%
top 45.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink Ex1800tTotolink Ex1800t Firmware
Timeline
PublishedMar 3

Description

A vulnerability has been found in Totolink EX1800T 9.1.0cu.2112_B20220316 and classified as critical. This vulnerability affects the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5totolink/ex1800t9.1.0cu.2112_B20220316
NVDtotolink/ex1800t_firmware9.1.0cu.2112_b20220316

🔴Vulnerability Details

2
CVEList
Totolink EX1800T cstecgi.cgi loginAuth buffer overflow2025-03-03
GHSA
GHSA-v35v-mpjj-v438: A vulnerability has been found in Totolink EX1800T 92025-03-03

📋Vendor Advisories

1
Microsoft
A NULL pointer dereference flaw was found in the Linux kernel’s KVM module which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an 2022-06-14
CVE-2025-1852 — Totolink Ex1800t vulnerability | cvebase