CVE-2025-2369
Published: 17 March 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2025-2369 is a critical stack-based buffer overflow vulnerability affecting TOTOLINK EX1800T routers running firmware versions up to 9.1.0cu.2112_B20220316. The issue resides in the setPasswordCfg function within the /cgi-bin/cstecgi.cgi component, where improper handling of the 'admpass' argument allows overflow. Rated at CVSS 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), it maps to CWEs-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-121 (Stack-based Buffer Overflow), and CWE-787 (Out-of-bounds Write).
Attackers with low privileges, such as authenticated users, can exploit this remotely with low complexity and no user interaction required. Successful exploitation grants high-impact confidentiality, integrity, and availability violations, potentially enabling arbitrary code execution on the device. A public proof-of-concept exploit has been disclosed, increasing the risk of widespread abuse.
Advisories from VulDB detail the vulnerability (ctiid.299868, id.299868) and reference a submission entry, while a GitHub repository provides an exploit markdown for the setPasswordCfg 'admpass' overflow. The vendor's site at totolink.net should be consulted for any firmware updates or mitigation guidance.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The stack-based buffer overflow in the unauthenticated web CGI interface (setPasswordCfg) of the TOTOLINK EX1800T router enables remote exploitation of a public-facing application (T1190) for RCE/shell access and can cause DoS via application/system crash (T1499.004).