CVE-2025-1852
Published: 03 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-1852 is a critical buffer overflow vulnerability (CWE-119, CWE-120) in the Totolink EX1800T router's firmware version 9.1.0cu.2112_B20220316. The flaw affects the loginAuth function in the /cgi-bin/cstecgi.cgi file, where manipulation of the password argument triggers the overflow. Published on 2025-03-03, it carries a CVSS 3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
The vulnerability enables remote exploitation over the network by an attacker with low privileges. No user interaction is needed, allowing low-complexity attacks that compromise confidentiality, integrity, and availability to a high degree, potentially leading to full system control.
Advisories on VulDB (ctiid.298120, id.298120) and a GitHub repository (watermelon-happy/cve/ex1800tCVE.md) document the issue. An exploit has been publicly disclosed and may be used. Check the Totolink vendor site (totolink.net) for patches or firmware updates.
The exploit's public availability increases the risk of active exploitation in the wild.
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Buffer overflow in the public-facing web CGI loginAuth function (/cgi-bin/cstecgi.cgi) enables remote exploitation of a public-facing application for potential code execution.