How the CVE Works
The vulnerability in TOTOLINK EX1200T (up to v4.1.2cu.5232_B20210713) stems from improper bounds checking in the `/boafrm/formDMZ` endpoint when handling HTTP POST requests. Attackers can trigger a buffer overflow by sending crafted oversized payloads, potentially allowing remote code execution (RCE) due to corrupted memory structures. The flaw is remotely exploitable without authentication, and public exploit PoCs exist.
DailyCVE Form
Platform: TOTOLINK EX1200T
Version: ≤4.1.2cu.5232
Vulnerability: Buffer Overflow
Severity: Critical
Date: 06/16/2025
Prediction: Patch by Q3 2025
What Undercode Say
Analytics
curl -X POST http://<TARGET>/boafrm/formDMZ -d "payload=$(python -c 'print("A" * <SIZE>)')"
import requests
requests.post("http://<TARGET>/boafrm/formDMZ", data={"data": "A" * <OVERFLOW_SIZE>})
Exploit
- Craft oversized HTTP POST request to `/boafrm/formDMZ`.
- Overwrite return addresses for RCE.
Protection from this CVE
- Disable WAN admin access.
- Await vendor firmware update.
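Until fixed firmware is available, requests to the endpoint can be watched at a proxy or network sensor in front of the device. The following is an added example, not code from the original page or from the vendor: it flags POSTs to `/boafrm/formDMZ` that come from outside RFC 1918 address space or carry an unusually large body. The log format, the 512-byte limit and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

ENDPOINT = "/boafrm/formDMZ"  # endpoint named in the advisory
MAX_BODY = 512                # assumption: a legitimate DMZ form post is far smaller
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed log format: "<time> <src_ip> <METHOD> <path> <body_bytes>"
LINE_RE = re.compile(r"^(\S+) (\S+) ([A-Z]+) (\S+) (\d+)$")

# Constructed sample lines (not real traffic)
SAMPLE_LOG = """\
2025-06-17T09:00:01Z 192.168.0.23 POST /boafrm/formDMZ 48
2025-06-17T09:02:10Z 203.0.113.7 POST /boafrm/formDMZ 61
2025-06-17T09:02:11Z 192.168.0.40 POST /boafrm/formDMZ 4096
2025-06-17T09:03:00Z 198.51.100.9 POST /boafrm/formDMZ?x=1 9000
2025-06-17T09:04:00Z 192.168.0.23 GET /index.html 0
garbled line
"""


def flag_requests(log_text):
    """Return (timestamp, src_ip, reasons) for suspicious POSTs to ENDPOINT."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts, src, method, path, size = m.groups()
        if method != "POST" or path.split("?", 1)[0] != ENDPOINT:
            continue  # only POSTs to the affected endpoint matter here
        reasons = []
        try:
            ip = ipaddress.ip_address(src)
            if not any(ip in net for net in LAN_NETS):
                reasons.append("non-LAN source")  # admin form reached from outside
        except ValueError:
            reasons.append("unparseable source")
        if int(size) > MAX_BODY:
            reasons.append("oversized body")  # consistent with an overflow attempt
        if reasons:
            findings.append((ts, src, reasons))
    return findings


if __name__ == "__main__":
    for finding in flag_requests(SAMPLE_LOG):
        print(finding)
```

Any "non-LAN source" hit also means the first mitigation above is not in effect, since the admin interface is reachable from outside the local network.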
Impact
- Full device compromise.
- Botnet enlistment risk.
Sources:
Reported By: nvd.nist.gov