CVE-2025-2370
Published: 17 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-2370 is a critical stack-based buffer overflow vulnerability affecting TOTOLINK EX1800T router firmware versions up to 9.1.0cu.2112_B20220316. The flaw exists in the setWiFiExtenderConfig function of the /cgi-bin/cstecgi.cgi component, where manipulation of the apcliSsid argument triggers the overflow. It is associated with CWEs-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-121 (Stack-based Buffer Overflow), and CWE-787 (Out-of-bounds Write), and carries a CVSS v3.1 base score of 8.8.
The vulnerability enables remote exploitation by an attacker with low privileges over the network. Per the CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), it requires low attack complexity, no user interaction, and unchanged scope, allowing high impacts on confidentiality, integrity, and availability. This could result in arbitrary code execution or device compromise.
VulDB advisories (ctiid.299869, id.299869, submit.515329) document the issue and note that an exploit has been publicly disclosed. A proof-of-concept is available on GitHub at https://github.com/kn0sky/cve/blob/main/TOTOLINK%20EX1800T/Stack-based%20Buffer%20Overflow%2003%20setWiFiExtenderConfig-_apcliSsid.md, which may facilitate active attacks. The vendor site at https://www.totolink.net/ provides general support, but no specific patch details are outlined in the references.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stack-based buffer overflow in public-facing CGI endpoint (/cgi-bin/cstecgi.cgi) enables remote arbitrary code execution on the router with low privileges, directly mapping to exploitation of public-facing applications for initial access and device compromise.