ID

VAR-202508-0736


CVE

CVE-2025-51451


TITLE

TOTOLINK EX1200T firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2025-011658

DESCRIPTION

In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. The TOTOLINK EX1200T firmware contains unspecified vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The TOTOLINK EX1200T is a Wi-Fi range extender manufactured by the Chinese company TOTOLINK. It suffers from an authentication bypass vulnerability that stems from the formLoginAuth.htm file not properly validating login requests. An attacker could exploit this vulnerability to bypass authentication, gain administrator privileges, and potentially control the entire system.

Trust: 2.16

sources: NVD: CVE-2025-51451 // JVNDB: JVNDB-2025-011658 // CNVD: CNVD-2025-19529

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-19529

AFFECTED PRODUCTS

vendor: totolink model: ex1200t scope: eq version: 4.1.2cu.5215

Trust: 1.0

vendor: totolink model: ex1200t scope: - version: -

Trust: 0.8

vendor: totolink model: ex1200t scope: eq version: ex1200t firmware 4.1.2cu.5215

Trust: 0.8

vendor: totolink model: ex1200t scope: eq version: -

Trust: 0.8

vendor: totolink model: ex1200t v4.1.2cu.5215 scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-19529 // JVNDB: JVNDB-2025-011658 // NVD: CVE-2025-51451

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2025-51451
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-51451
value: CRITICAL

Trust: 1.0

NVD: CVE-2025-51451
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-19529
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-19529
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2025-51451
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2025-51451
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-19529 // JVNDB: JVNDB-2025-011658 // NVD: CVE-2025-51451 // NVD: CVE-2025-51451

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.0

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: Improper authentication (CWE-287) [others]

Trust: 0.8

problemtype: Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2025-011658 // NVD: CVE-2025-51451

PATCH

title: Patch for TOTOLINK EX1200T authentication bypass vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/722701

Trust: 0.6

sources: CNVD: CNVD-2025-19529

EXTERNAL IDS

db: NVD id: CVE-2025-51451

Trust: 3.2

db: JVNDB id: JVNDB-2025-011658

Trust: 0.8

db: CNVD id: CNVD-2025-19529

Trust: 0.6

sources: CNVD: CNVD-2025-19529 // JVNDB: JVNDB-2025-011658 // NVD: CVE-2025-51451

REFERENCES

url: https://gist.github.com/lin-3-start/e42344d5caea881e5429fdd40fad1fd8

Trust: 1.8

url: https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/204/ids/36.html

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2025-51451

Trust: 1.4

url: http://n200re.com

Trust: 1.0

sources: CNVD: CNVD-2025-19529 // JVNDB: JVNDB-2025-011658 // NVD: CVE-2025-51451

SOURCES

db: CNVD id: CNVD-2025-19529
db: JVNDB id: JVNDB-2025-011658
db: NVD id: CVE-2025-51451

LAST UPDATE DATE

2025-08-29T19:37:54.883000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2025-19529 date: 2025-08-28T00:00:00
db: JVNDB id: JVNDB-2025-011658 date: 2025-08-15T10:06:00
db: NVD id: CVE-2025-51451 date: 2025-08-14T15:15:37.497

SOURCES RELEASE DATE

db: CNVD id: CNVD-2025-19529 date: 2025-08-22T00:00:00
db: JVNDB id: JVNDB-2025-011658 date: 2025-08-15T00:00:00
db: NVD id: CVE-2025-51451 date: 2025-08-13T17:15:27.993