ID

VAR-202503-0080


CVE

CVE-2025-1852


TITLE

TOTOLINK  of  ex1800t  Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-003052

DESCRIPTION

A vulnerability has been found in Totolink EX1800T 9.1.0cu.2112_B20220316 and classified as critical. This vulnerability affects the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1800t Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1800T is a Wi-Fi range extender from China's TOTOLINK Electronics. Totolink EX1800T has a buffer overflow vulnerability, which is caused by the loginAuth function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2025-1852 // JVNDB: JVNDB-2025-003052 // CNVD: CNVD-2025-12390

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-12390

AFFECTED PRODUCTS

vendor:totolinkmodel:ex1800tscope:eqversion:9.1.0cu.2112_b20220316

Trust: 1.0

vendor:totolinkmodel:ex1800tscope: - version: -

Trust: 0.8

vendor:totolinkmodel:ex1800tscope:eqversion:ex1800t firmware 9.1.0cu.2112 b20220316

Trust: 0.8

vendor:totolinkmodel:ex1800tscope:eqversion: -

Trust: 0.8

vendor:totolinkmodel:ex1800t 9.1.0cu.2112 b20220316scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-12390 // JVNDB: JVNDB-2025-003052 // NVD: CVE-2025-1852

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-1852
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2025-1852
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2025-003052
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-12390
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2025-1852
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-003052
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-12390
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-1852
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-1852
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-003052
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-12390 // JVNDB: JVNDB-2025-003052 // NVD: CVE-2025-1852 // NVD: CVE-2025-1852

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:CWE-120

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-003052 // NVD: CVE-2025-1852

EXTERNAL IDS

db:NVDid:CVE-2025-1852

Trust: 3.2

db:VULDBid:298120

Trust: 1.8

db:JVNDBid:JVNDB-2025-003052

Trust: 0.8

db:CNVDid:CNVD-2025-12390

Trust: 0.6

sources: CNVD: CNVD-2025-12390 // JVNDB: JVNDB-2025-003052 // NVD: CVE-2025-1852

REFERENCES

url:https://vuldb.com/?id.298120

Trust: 1.8

url:https://vuldb.com/?submit.505362

Trust: 1.8

url:https://www.totolink.net/

Trust: 1.8

url:https://github.com/watermelon-happy/cve/blob/main/ex1800tcve.md

Trust: 1.6

url:https://vuldb.com/?ctiid.298120

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-1852

Trust: 0.8

sources: CNVD: CNVD-2025-12390 // JVNDB: JVNDB-2025-003052 // NVD: CVE-2025-1852

SOURCES

db:CNVDid:CNVD-2025-12390
db:JVNDBid:JVNDB-2025-003052
db:NVDid:CVE-2025-1852

LAST UPDATE DATE

2025-06-15T23:29:38.545000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-12390date:2025-06-13T00:00:00
db:JVNDBid:JVNDB-2025-003052date:2025-04-08T08:05:00
db:NVDid:CVE-2025-1852date:2025-04-03T15:33:51.953

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-12390date:2025-06-13T00:00:00
db:JVNDBid:JVNDB-2025-003052date:2025-04-08T00:00:00
db:NVDid:CVE-2025-1852date:2025-03-03T06:15:21.343