CVE-2025-2097
Published: 07 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-2097 is a critical stack-based buffer overflow vulnerability (CWE-119, CWE-121, CWE-787) in the TOTOLINK EX1800T router running firmware version 9.1.0cu.2112_B20220316. The flaw resides in the setRptWizardCfg function within the /cgi-bin/cstecgi.cgi file, where manipulation of the loginpass argument triggers the overflow. It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for remote exploitation.
Attackers with low privileges, such as authenticated users, can exploit this vulnerability remotely with low complexity and no user interaction required. Successful exploitation allows high-impact compromise of confidentiality, integrity, and availability, potentially enabling arbitrary code execution on the affected device.
Advisories from VulDB detail the vulnerability and reference a publicly disclosed exploit, while the vendor's site at totolink.net may provide firmware updates or mitigation guidance. Security practitioners should review these resources for patches, as no specific mitigation details are outlined in the core CVE description.
A proof-of-concept exploit is publicly available on GitHub, increasing the risk of real-world abuse against unpatched TOTOLINK EX1800T devices.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The stack-based buffer overflow in the router's public-facing web CGI (/cgi-bin/cstecgi.cgi) directly enables remote exploitation of a public-facing application for arbitrary code execution, matching T1190.