Sign-up

ID

VAR-202506-1097


CVE

CVE-2025-6336


TITLE

TOTOLINK  of  ex1200t  Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-009676

DESCRIPTION

A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. It has been classified as critical. Affected is an unknown function of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. TOTOLINK EX1200T is a dual-band wireless signal amplifier, mainly used to expand the coverage of existing wireless networks. TOTOLINK EX1200T has a buffer overflow vulnerability, which is caused by the parameter submit-url in the file /boafrm/formTmultiAP failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2025-6336 // JVNDB: JVNDB-2025-009676 // CNVD: CNVD-2025-14529

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-14529

AFFECTED PRODUCTS

vendor:totolinkmodel:ex1200tscope:eqversion:4.1.2cu.5232_b20210713

Trust: 1.0

vendor:totolinkmodel:ex1200tscope:eqversion: -

Trust: 0.8

vendor:totolinkmodel:ex1200tscope:eqversion:ex1200t firmware 4.1.2cu.5232 b20210713

Trust: 0.8

vendor:totolinkmodel:ex1200tscope: - version: -

Trust: 0.8

vendor:totolinkmodel:ex1200t 4.1.2cu.5232 b20210713scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-14529 // JVNDB: JVNDB-2025-009676 // NVD: CVE-2025-6336

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-6336
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2025-6336
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2025-009676
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-14529
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2025-6336
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-009676
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-14529
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-6336
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-6336
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-009676
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-14529 // JVNDB: JVNDB-2025-009676 // NVD: CVE-2025-6336 // NVD: CVE-2025-6336

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-009676 // NVD: CVE-2025-6336

EXTERNAL IDS

db:NVDid:CVE-2025-6336

Trust: 3.2

db:VULDBid:313332

Trust: 1.8

db:JVNDBid:JVNDB-2025-009676

Trust: 0.8

db:CNVDid:CNVD-2025-14529

Trust: 0.6

sources: CNVD: CNVD-2025-14529 // JVNDB: JVNDB-2025-009676 // NVD: CVE-2025-6336

REFERENCES

url:https://github.com/awindog/cve/blob/main/688/12.md

Trust: 2.4

url:https://github.com/awindog/cve/blob/main/688/12.md#poc

Trust: 1.8

url:https://vuldb.com/?id.313332

Trust: 1.8

url:https://vuldb.com/?submit.596690

Trust: 1.8

url:https://www.totolink.net/

Trust: 1.8

url:https://vuldb.com/?ctiid.313332

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-6336

Trust: 0.8

sources: CNVD: CNVD-2025-14529 // JVNDB: JVNDB-2025-009676 // NVD: CVE-2025-6336

SOURCES

db:CNVDid:CNVD-2025-14529
db:JVNDBid:JVNDB-2025-009676
db:NVDid:CVE-2025-6336

LAST UPDATE DATE

2025-07-28T23:25:31.574000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-14529date:2025-07-01T00:00:00
db:JVNDBid:JVNDB-2025-009676date:2025-07-23T08:35:00
db:NVDid:CVE-2025-6336date:2025-06-26T18:28:59.800

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-14529date:2025-07-01T00:00:00
db:JVNDBid:JVNDB-2025-009676date:2025-07-23T00:00:00
db:NVDid:CVE-2025-6336date:2025-06-20T12:15:22.307