Sign-up

ID

VAR-202503-0252


CVE

CVE-2025-2097


TITLE

TOTOLINK  of  ex1800t  Out-of-bounds write vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-002946

DESCRIPTION

A vulnerability, which was classified as critical, has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This issue affects the function setRptWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument loginpass leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1800t An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1800T is a Wi-Fi range extender from China's TOTOLINK Electronics. TOTOLINK EX1800T has a buffer overflow vulnerability, which is caused by the parameter loginpass failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2025-2097 // JVNDB: JVNDB-2025-002946 // CNVD: CNVD-2025-12092

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-12092

AFFECTED PRODUCTS

vendor:totolinkmodel:ex1800tscope:eqversion:9.1.0cu.2112_b20220316

Trust: 1.0

vendor:totolinkmodel:ex1800tscope: - version: -

Trust: 0.8

vendor:totolinkmodel:ex1800tscope:eqversion: -

Trust: 0.8

vendor:totolinkmodel:ex1800tscope:eqversion:ex1800t firmware 9.1.0cu.2112 b20220316

Trust: 0.8

vendor:totolinkmodel:ex1800t 9.1.0cu.2112 b20220316scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-12092 // JVNDB: JVNDB-2025-002946 // NVD: CVE-2025-2097

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-2097
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2025-2097
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2025-002946
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-12092
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2025-2097
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-002946
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-12092
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-2097
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-2097
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-002946
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-12092 // JVNDB: JVNDB-2025-002946 // NVD: CVE-2025-2097 // NVD: CVE-2025-2097

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-121

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

problemtype: Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-002946 // NVD: CVE-2025-2097

EXTERNAL IDS

db:NVDid:CVE-2025-2097

Trust: 3.2

db:VULDBid:298955

Trust: 1.8

db:JVNDBid:JVNDB-2025-002946

Trust: 0.8

db:CNVDid:CNVD-2025-12092

Trust: 0.6

sources: CNVD: CNVD-2025-12092 // JVNDB: JVNDB-2025-002946 // NVD: CVE-2025-2097

REFERENCES

url:https://github.com/kn0sky/cve/blob/main/totolink%20ex1800t/stack-based%20buffer%20overflow%2001%20setrptwizardcfg-_loginpass.md

Trust: 2.4

url:https://vuldb.com/?id.298955

Trust: 1.8

url:https://vuldb.com/?submit.515326

Trust: 1.8

url:https://www.totolink.net/

Trust: 1.8

url:https://vuldb.com/?ctiid.298955

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-2097

Trust: 0.8

sources: CNVD: CNVD-2025-12092 // JVNDB: JVNDB-2025-002946 // NVD: CVE-2025-2097

SOURCES

db:CNVDid:CNVD-2025-12092
db:JVNDBid:JVNDB-2025-002946
db:NVDid:CVE-2025-2097

LAST UPDATE DATE

2025-06-15T23:39:49.248000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-12092date:2025-06-11T00:00:00
db:JVNDBid:JVNDB-2025-002946date:2025-04-04T05:20:00
db:NVDid:CVE-2025-2097date:2025-04-03T15:28:41.053

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-12092date:2025-06-10T00:00:00
db:JVNDBid:JVNDB-2025-002946date:2025-04-04T00:00:00
db:NVDid:CVE-2025-2097date:2025-03-07T23:15:16.263