Search

Find a vulnerability

Search criteria

    37 vulnerabilities found for EX1200T by TOTOLINK

    VAR-202508-0736

    Vulnerability from variot - Updated: 2025-09-26 23:32

    In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. TOTOLINK of ex1200t There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK EX1200T is a Wi-Fi range extender manufactured by the Chinese company TOTOLINK.

    The TOTOLINK EX1200T suffers from an authentication bypass vulnerability. This vulnerability stems from the formLoginAuth.htm file not properly validating login requests. An attacker could exploit this vulnerability to bypass authentication, gain administrator privileges, and potentially control the entire system

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202508-0736",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.2cu.5215"
          },
          {
            "model": "ex1200t",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex1200t  firmware  4.1.2cu.5215"
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t v4.1.2cu.5215",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-19529"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-011658"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-51451"
          }
        ]
      },
      "cve": "CVE-2025-51451",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-19529",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-51451",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2025-51451",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2025-51451",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2025-51451",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2025-51451",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-19529",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-19529"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-011658"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-51451"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-51451"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. TOTOLINK of ex1200t There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK EX1200T is a Wi-Fi range extender manufactured by the Chinese company TOTOLINK. \n\nThe TOTOLINK EX1200T suffers from an authentication bypass vulnerability. This vulnerability stems from the formLoginAuth.htm file not properly validating login requests. An attacker could exploit this vulnerability to bypass authentication, gain administrator privileges, and potentially control the entire system",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-51451"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-011658"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-19529"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-51451",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-011658",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-19529",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-19529"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-011658"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-51451"
          }
        ]
      },
      "id": "VAR-202508-0736",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-19529"
          }
        ],
        "trust": 1.2374999999999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-19529"
          }
        ]
      },
      "last_update_date": "2025-09-26T23:32:45.908000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for TOTOLINK EX1200T authentication bypass vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/722701"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-19529"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.0
          },
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "Inappropriate authentication (CWE-287) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Lack of information (CWE-noinfo) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-011658"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-51451"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://gist.github.com/lin-3-start/e42344d5caea881e5429fdd40fad1fd8"
          },
          {
            "trust": 1.8,
            "url": "https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/204/ids/36.html"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-51451"
          },
          {
            "trust": 1.0,
            "url": "http://n200re.com"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-19529"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-011658"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-51451"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-19529"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-011658"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-51451"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-19529"
          },
          {
            "date": "2025-08-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-011658"
          },
          {
            "date": "2025-08-13T17:15:27.993000",
            "db": "NVD",
            "id": "CVE-2025-51451"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-28T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-19529"
          },
          {
            "date": "2025-08-15T10:06:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-011658"
          },
          {
            "date": "2025-09-26T12:28:56.947000",
            "db": "NVD",
            "id": "CVE-2025-51451"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 Firmware vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-011658"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202506-1097

    Vulnerability from variot - Updated: 2025-07-28 23:25

    A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. It has been classified as critical. Affected is an unknown function of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. TOTOLINK EX1200T is a dual-band wireless signal amplifier, mainly used to expand the coverage of existing wireless networks.

    TOTOLINK EX1200T has a buffer overflow vulnerability, which is caused by the parameter submit-url in the file /boafrm/formTmultiAP failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-1097",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.2cu.5232_b20210713"
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex1200t  firmware  4.1.2cu.5232 b20210713"
          },
          {
            "model": "ex1200t",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t 4.1.2cu.5232 b20210713",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-14529"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-009676"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6336"
          }
        ]
      },
      "cve": "CVE-2025-6336",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-6336",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-009676",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-14529",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-6336",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-6336",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-009676",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-6336",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2025-6336",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-009676",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-14529",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-14529"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-009676"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6336"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6336"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. It has been classified as critical. Affected is an unknown function of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. TOTOLINK EX1200T is a dual-band wireless signal amplifier, mainly used to expand the coverage of existing wireless networks. \n\nTOTOLINK EX1200T has a buffer overflow vulnerability, which is caused by the parameter submit-url in the file /boafrm/formTmultiAP failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-6336"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-009676"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-14529"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-6336",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "313332",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-009676",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-14529",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-14529"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-009676"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6336"
          }
        ]
      },
      "id": "VAR-202506-1097",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-14529"
          }
        ],
        "trust": 1.2374999999999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-14529"
          }
        ]
      },
      "last_update_date": "2025-07-28T23:25:31.574000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-009676"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6336"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/awindog/cve/blob/main/688/12.md"
          },
          {
            "trust": 1.8,
            "url": "https://github.com/awindog/cve/blob/main/688/12.md#poc"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.313332"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.596690"
          },
          {
            "trust": 1.8,
            "url": "https://www.totolink.net/"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.313332"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-6336"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-14529"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-009676"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6336"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-14529"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-009676"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6336"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-14529"
          },
          {
            "date": "2025-07-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-009676"
          },
          {
            "date": "2025-06-20T12:15:22.307000",
            "db": "NVD",
            "id": "CVE-2025-6336"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-14529"
          },
          {
            "date": "2025-07-23T08:35:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-009676"
          },
          {
            "date": "2025-06-26T18:28:59.800000",
            "db": "NVD",
            "id": "CVE-2025-6336"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 Buffer error vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-009676"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202506-1121

    Vulnerability from variot - Updated: 2025-07-13 19:35

    A vulnerability was found in TOTOLINK A702R, A3002R, A3002RU and EX1200T 3.0.0-B20230809.1615/4.0.0-B20230531.1404/4.0.0-B20230721.1521/4.1.2cu.5232_B20210713. It has been classified as critical. Affected is an unknown function of the file /boafrm/formIPv6Addr of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. A3002RU firmware, A3002R firmware, A702R firmware etc. TOTOLINK The product contains a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-1121",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.2cu.5232_b20210713"
          },
          {
            "model": "a702r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.0.0-b20230721.1521"
          },
          {
            "model": "a3002r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.0.0-b20230531.1404"
          },
          {
            "model": "a3002ru",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "3.0.0-b20230809.1615"
          },
          {
            "model": "a702r",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "a3002ru",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "a3002r",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008462"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6393"
          }
        ]
      },
      "cve": "CVE-2025-6393",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-6393",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-008462",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-6393",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-6393",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-008462",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-6393",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2025-6393",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-008462",
                "trust": 0.8,
                "value": "High"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008462"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6393"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6393"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability was found in TOTOLINK A702R, A3002R, A3002RU and EX1200T 3.0.0-B20230809.1615/4.0.0-B20230531.1404/4.0.0-B20230721.1521/4.1.2cu.5232_B20210713. It has been classified as critical. Affected is an unknown function of the file /boafrm/formIPv6Addr of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. A3002RU firmware, A3002R firmware, A702R firmware etc. TOTOLINK The product contains a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-6393"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008462"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-6393",
            "trust": 2.6
          },
          {
            "db": "VULDB",
            "id": "313386",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008462",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008462"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6393"
          }
        ]
      },
      "id": "VAR-202506-1121",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.48758723249999997
      },
      "last_update_date": "2025-07-13T19:35:40.839000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008462"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6393"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://github.com/awindog/cve/blob/main/688/15.md"
          },
          {
            "trust": 1.8,
            "url": "https://github.com/awindog/cve/blob/main/688/16.md"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.313386"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.597565"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.597566"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.597591"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.597592"
          },
          {
            "trust": 1.8,
            "url": "https://www.totolink.net/"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.313386"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-6393"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008462"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6393"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008462"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6393"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-008462"
          },
          {
            "date": "2025-06-21T01:15:29.650000",
            "db": "NVD",
            "id": "CVE-2025-6393"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-11T00:57:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-008462"
          },
          {
            "date": "2025-07-09T18:43:26.127000",
            "db": "NVD",
            "id": "CVE-2025-6393"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural \u00a0TOTOLINK\u00a0 Classic buffer overflow vulnerability in the product",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008462"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202506-0907

    Vulnerability from variot - Updated: 2025-07-06 23:48

    A vulnerability classified as critical was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This vulnerability affects unknown code of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a wireless router from TOTOLINK that provides convenient network connection and management functions. An attacker can exploit this vulnerability to remotely execute arbitrary code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0907",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.2cu.5232_b20210713"
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex1200t  firmware  4.1.2cu.5232 b20210713"
          },
          {
            "model": "ex1200t",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t 4.1.2cu.5232 b20210713",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13430"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008092"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6129"
          }
        ]
      },
      "cve": "CVE-2025-6129",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-6129",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-008092",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-13430",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-6129",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-008092",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-6129",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-008092",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-13430",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13430"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008092"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6129"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability classified as critical was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This vulnerability affects unknown code of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a wireless router from TOTOLINK that provides convenient network connection and management functions. An attacker can exploit this vulnerability to remotely execute arbitrary code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-6129"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008092"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13430"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-6129",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "312598",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008092",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13430",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13430"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008092"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6129"
          }
        ]
      },
      "id": "VAR-202506-0907",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13430"
          }
        ],
        "trust": 1.2374999999999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13430"
          }
        ]
      },
      "last_update_date": "2025-07-06T23:48:44.767000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008092"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6129"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://vuldb.com/?submit.592695"
          },
          {
            "trust": 2.4,
            "url": "https://www.totolink.net/"
          },
          {
            "trust": 2.4,
            "url": "https://github.com/byxs0x0/cve2/blob/main/9.md"
          },
          {
            "trust": 2.4,
            "url": "https://github.com/byxs0x0/cve2/blob/main/9.md#poc"
          },
          {
            "trust": 2.4,
            "url": "https://vuldb.com/?id.312598"
          },
          {
            "trust": 1.6,
            "url": "https://vuldb.com/?ctiid.312598"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-6129"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13430"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008092"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6129"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13430"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008092"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6129"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-13430"
          },
          {
            "date": "2025-07-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-008092"
          },
          {
            "date": "2025-06-16T16:15:20.243000",
            "db": "NVD",
            "id": "CVE-2025-6129"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-13430"
          },
          {
            "date": "2025-07-04T09:12:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-008092"
          },
          {
            "date": "2025-07-02T17:40:41.127000",
            "db": "NVD",
            "id": "CVE-2025-6129"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 Buffer error vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008092"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202506-1030

    Vulnerability from variot - Updated: 2025-07-06 23:25

    A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is the function setStaticDhcpConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Comment leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a dual-band wireless signal amplifier, mainly used to expand the coverage of existing wireless networks.

    TOTOLINK EX1200T has a stack buffer overflow vulnerability, which is caused by the function setStaticDhcpConfig in the file /cgi-bin/cstecgi.cgi failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-1030",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.2cu.5232_b20210713"
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex1200t  firmware  4.1.2cu.5232 b20210713"
          },
          {
            "model": "ex1200t",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t 4.1.2cu.5232 b20210713",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-14530"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008088"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6302"
          }
        ]
      },
      "cve": "CVE-2025-6302",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-6302",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-008088",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-14530",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-6302",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-008088",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-6302",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-008088",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-14530",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-14530"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008088"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6302"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is the function setStaticDhcpConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Comment leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a dual-band wireless signal amplifier, mainly used to expand the coverage of existing wireless networks. \n\nTOTOLINK EX1200T has a stack buffer overflow vulnerability, which is caused by the function setStaticDhcpConfig in the file /cgi-bin/cstecgi.cgi failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-6302"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008088"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-14530"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-6302",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "313302",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008088",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-14530",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-14530"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008088"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6302"
          }
        ]
      },
      "id": "VAR-202506-1030",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-14530"
          }
        ],
        "trust": 1.2374999999999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-14530"
          }
        ]
      },
      "last_update_date": "2025-07-06T23:25:46.976000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008088"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6302"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://kn0sinna.notion.site/totolink-ex1200t-stack-based-bufferoverflow-vulnerability-20fb1876cd6e80d5b4d1f7ec16de4ec2"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.313302"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.595473"
          },
          {
            "trust": 1.8,
            "url": "https://www.totolink.net/"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.313302"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-6302"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-14530"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008088"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6302"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-14530"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008088"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6302"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-14530"
          },
          {
            "date": "2025-07-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-008088"
          },
          {
            "date": "2025-06-20T03:15:28.603000",
            "db": "NVD",
            "id": "CVE-2025-6302"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-14530"
          },
          {
            "date": "2025-07-04T09:12:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-008088"
          },
          {
            "date": "2025-07-02T17:40:51.843000",
            "db": "NVD",
            "id": "CVE-2025-6302"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 Buffer error vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008088"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202506-1246

    Vulnerability from variot - Updated: 2025-07-06 19:33

    A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formIpv6Setup of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a dual-band wireless signal amplifier, mainly used to extend the coverage of existing wireless networks. No detailed vulnerability details are currently provided

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-1246",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.2cu.5232_b20210713"
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex1200t  firmware  4.1.2cu.5232 b20210713"
          },
          {
            "model": "ex1200t",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t 4.1.2cu.5232 b20210713",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-14523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008011"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6568"
          }
        ]
      },
      "cve": "CVE-2025-6568",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-6568",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-008011",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-14523",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-6568",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-008011",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-6568",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-008011",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-14523",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-14523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008011"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6568"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formIpv6Setup of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a dual-band wireless signal amplifier, mainly used to extend the coverage of existing wireless networks. No detailed vulnerability details are currently provided",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-6568"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008011"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-14523"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-6568",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "313740",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008011",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-14523",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-14523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008011"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6568"
          }
        ]
      },
      "id": "VAR-202506-1246",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-14523"
          }
        ],
        "trust": 1.2374999999999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-14523"
          }
        ]
      },
      "last_update_date": "2025-07-06T19:33:23.844000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008011"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6568"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://github.com/d2pq/cve/blob/main/616/23.md"
          },
          {
            "trust": 1.8,
            "url": "https://github.com/d2pq/cve/blob/main/616/23.md#poc"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.313740"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.601344"
          },
          {
            "trust": 1.8,
            "url": "https://www.totolink.net/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-6568"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.313740"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-14523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008011"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6568"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-14523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008011"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6568"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-14523"
          },
          {
            "date": "2025-07-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-008011"
          },
          {
            "date": "2025-06-24T15:15:25.823000",
            "db": "NVD",
            "id": "CVE-2025-6568"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-14523"
          },
          {
            "date": "2025-07-04T07:59:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-008011"
          },
          {
            "date": "2025-06-27T16:43:42.703000",
            "db": "NVD",
            "id": "CVE-2025-6568"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 Buffer error vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-008011"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202506-0949

    Vulnerability from variot - Updated: 2025-07-04 23:51

    A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formSysCmd of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China's TOTOLINK Electronics. The vulnerability is caused by the parameter submit-url in the file /boafrm/formSysCmd failing to properly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0949",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.2cu.5232_b20210713"
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex1200t  firmware  4.1.2cu.5232 b20210713"
          },
          {
            "model": "ex1200t",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t 4.1.2cu.5232 b20210713",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13787"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007830"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6144"
          }
        ]
      },
      "cve": "CVE-2025-6144",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-6144",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-007830",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-13787",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-6144",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-007830",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-6144",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-007830",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-13787",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13787"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007830"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6144"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formSysCmd of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China\u0027s TOTOLINK Electronics. The vulnerability is caused by the parameter submit-url in the file /boafrm/formSysCmd failing to properly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-6144"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007830"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13787"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-6144",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "312619",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007830",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13787",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13787"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007830"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6144"
          }
        ]
      },
      "id": "VAR-202506-0949",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13787"
          }
        ],
        "trust": 1.2374999999999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13787"
          }
        ]
      },
      "last_update_date": "2025-07-04T23:51:32.670000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007830"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6144"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://github.com/awindog/cve/blob/main/688/1.md"
          },
          {
            "trust": 1.8,
            "url": "https://github.com/awindog/cve/blob/main/688/1.md#poc"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.312619"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.593009"
          },
          {
            "trust": 1.8,
            "url": "https://www.totolink.net/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-6144"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.312619"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13787"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007830"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6144"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13787"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007830"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6144"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-13787"
          },
          {
            "date": "2025-07-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-007830"
          },
          {
            "date": "2025-06-16T23:15:22.683000",
            "db": "NVD",
            "id": "CVE-2025-6144"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-13787"
          },
          {
            "date": "2025-07-02T09:16:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-007830"
          },
          {
            "date": "2025-06-23T19:29:46.927000",
            "db": "NVD",
            "id": "CVE-2025-6144"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 Buffer error vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007830"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202506-0954

    Vulnerability from variot - Updated: 2025-07-04 23:43

    A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This affects an unknown part of the file /boafrm/formWirelessTbl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a wireless router provided by TOTOLINK. An attacker can use this vulnerability to remotely send malicious HTTP POST requests, causing a buffer overflow, thereby achieving a denial of service attack or executing arbitrary code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0954",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.2cu.5232_b20210713"
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex1200t  firmware  4.1.2cu.5232 b20210713"
          },
          {
            "model": "ex1200t",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t 4.1.2cu.5232 b20210713",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13833"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007832"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6128"
          }
        ]
      },
      "cve": "CVE-2025-6128",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-6128",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-007832",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-13833",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-6128",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-007832",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-6128",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-007832",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-13833",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13833"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007832"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6128"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This affects an unknown part of the file /boafrm/formWirelessTbl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a wireless router provided by TOTOLINK. An attacker can use this vulnerability to remotely send malicious HTTP POST requests, causing a buffer overflow, thereby achieving a denial of service attack or executing arbitrary code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-6128"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007832"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13833"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-6128",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "312597",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007832",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13833",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13833"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007832"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6128"
          }
        ]
      },
      "id": "VAR-202506-0954",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13833"
          }
        ],
        "trust": 1.2374999999999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13833"
          }
        ]
      },
      "last_update_date": "2025-07-04T23:43:21.688000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007832"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6128"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://vuldb.com/?submit.592694"
          },
          {
            "trust": 2.4,
            "url": "https://www.totolink.net/"
          },
          {
            "trust": 2.4,
            "url": "https://github.com/byxs0x0/cve2/blob/main/8.md"
          },
          {
            "trust": 2.4,
            "url": "https://github.com/byxs0x0/cve2/blob/main/8.md#poc"
          },
          {
            "trust": 2.4,
            "url": "https://vuldb.com/?id.312597"
          },
          {
            "trust": 1.6,
            "url": "https://vuldb.com/?ctiid.312597"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-6128"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13833"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007832"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6128"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13833"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007832"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6128"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-13833"
          },
          {
            "date": "2025-07-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-007832"
          },
          {
            "date": "2025-06-16T16:15:20.047000",
            "db": "NVD",
            "id": "CVE-2025-6128"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-13833"
          },
          {
            "date": "2025-07-02T09:16:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-007832"
          },
          {
            "date": "2025-06-27T14:46:05.487000",
            "db": "NVD",
            "id": "CVE-2025-6128"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 Buffer error vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007832"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202506-0898

    Vulnerability from variot - Updated: 2025-07-04 23:40

    A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China's TOTOLINK Electronics. The vulnerability is caused by the parameter submit-url in the file /boafrm/formSysLog failing to properly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0898",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.2cu.5232_b20210713"
          },
          {
            "model": "ex1200t",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex1200t  firmware  4.1.2cu.5232 b20210713"
          },
          {
            "model": "ex1200t 4.1.2cu.5232 b20210713",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13788"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007626"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6145"
          }
        ]
      },
      "cve": "CVE-2025-6145",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-6145",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-007626",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-13788",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-6145",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-007626",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-6145",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-007626",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-13788",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13788"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007626"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6145"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China\u0027s TOTOLINK Electronics. The vulnerability is caused by the parameter submit-url in the file /boafrm/formSysLog failing to properly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-6145"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007626"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13788"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-6145",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "312620",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007626",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13788",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13788"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007626"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6145"
          }
        ]
      },
      "id": "VAR-202506-0898",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13788"
          }
        ],
        "trust": 1.2374999999999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13788"
          }
        ]
      },
      "last_update_date": "2025-07-04T23:40:47.538000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007626"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6145"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://github.com/awindog/cve/blob/main/688/2.md"
          },
          {
            "trust": 1.8,
            "url": "https://github.com/awindog/cve/blob/main/688/2.md#poc"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.312620"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.593011"
          },
          {
            "trust": 1.8,
            "url": "https://www.totolink.net/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-6145"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.312620"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13788"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007626"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6145"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13788"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007626"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6145"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-13788"
          },
          {
            "date": "2025-07-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-007626"
          },
          {
            "date": "2025-06-16T23:15:22.863000",
            "db": "NVD",
            "id": "CVE-2025-6145"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-13788"
          },
          {
            "date": "2025-07-01T07:22:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-007626"
          },
          {
            "date": "2025-06-23T19:29:40.783000",
            "db": "NVD",
            "id": "CVE-2025-6145"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 Buffer error vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007626"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202506-0899

    Vulnerability from variot - Updated: 2025-07-04 19:31

    A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China's TOTOLINK Electronics.

    TOTOLINK EX1200T has a buffer overflow vulnerability, which is caused by the parameter submit-url in the file /boafrm/formNtp failing to properly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0899",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.2cu.5232_b20210713"
          },
          {
            "model": "ex1200t",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex1200t  firmware  4.1.2cu.5232 b20210713"
          },
          {
            "model": "ex1200t 4.1.2cu.5232 b20210713",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13786"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007605"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6143"
          }
        ]
      },
      "cve": "CVE-2025-6143",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-6143",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-007605",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-13786",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-6143",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-007605",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-6143",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-007605",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-13786",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13786"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007605"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6143"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China\u0027s TOTOLINK Electronics. \n\nTOTOLINK EX1200T has a buffer overflow vulnerability, which is caused by the parameter submit-url in the file /boafrm/formNtp failing to properly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-6143"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007605"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13786"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-6143",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "312618",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007605",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13786",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13786"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007605"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6143"
          }
        ]
      },
      "id": "VAR-202506-0899",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13786"
          }
        ],
        "trust": 1.2374999999999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13786"
          }
        ]
      },
      "last_update_date": "2025-07-04T19:31:13.995000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007605"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6143"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://github.com/awindog/cve/blob/main/13.md"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.312618"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.593004"
          },
          {
            "trust": 1.8,
            "url": "https://www.totolink.net/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-6143"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.312618"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13786"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007605"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6143"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13786"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007605"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6143"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-13786"
          },
          {
            "date": "2025-07-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-007605"
          },
          {
            "date": "2025-06-16T23:15:22.500000",
            "db": "NVD",
            "id": "CVE-2025-6143"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-13786"
          },
          {
            "date": "2025-07-01T03:15:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-007605"
          },
          {
            "date": "2025-06-23T19:29:54.330000",
            "db": "NVD",
            "id": "CVE-2025-6143"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 Buffer error vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007605"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202506-0762

    Vulnerability from variot - Updated: 2025-06-27 22:59

    A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formStats of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China's TOTOLINK Electronics. An attacker can exploit this vulnerability to launch an attack remotely, causing a buffer overflow

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0762",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.2cu.5232_b20210713"
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex1200t  firmware  4.1.2cu.5232 b20210713"
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t 4.1.2cu.5232 b20210713",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13832"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007358"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6130"
          }
        ]
      },
      "cve": "CVE-2025-6130",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-6130",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-007358",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-13832",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-6130",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-007358",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-6130",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-007358",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-13832",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13832"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007358"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6130"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formStats of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China\u0027s TOTOLINK Electronics. An attacker can exploit this vulnerability to launch an attack remotely, causing a buffer overflow",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-6130"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007358"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13832"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-6130",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "312599",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007358",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13832",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13832"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007358"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6130"
          }
        ]
      },
      "id": "VAR-202506-0762",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13832"
          }
        ],
        "trust": 1.2374999999999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13832"
          }
        ]
      },
      "last_update_date": "2025-06-27T22:59:27.339000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [NVD evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007358"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6130"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://vuldb.com/?submit.592696"
          },
          {
            "trust": 2.4,
            "url": "https://www.totolink.net/"
          },
          {
            "trust": 2.4,
            "url": "https://github.com/byxs0x0/cve2/blob/main/10.md"
          },
          {
            "trust": 2.4,
            "url": "https://github.com/byxs0x0/cve2/blob/main/10.md#poc"
          },
          {
            "trust": 2.4,
            "url": "https://vuldb.com/?id.312599"
          },
          {
            "trust": 1.6,
            "url": "https://vuldb.com/?ctiid.312599"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-6130"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13832"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007358"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6130"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13832"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007358"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6130"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-13832"
          },
          {
            "date": "2025-06-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-007358"
          },
          {
            "date": "2025-06-16T17:15:31.020000",
            "db": "NVD",
            "id": "CVE-2025-6130"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-13832"
          },
          {
            "date": "2025-06-23T04:53:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-007358"
          },
          {
            "date": "2025-06-20T14:39:23.200000",
            "db": "NVD",
            "id": "CVE-2025-6130"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 Classic buffer overflow vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007358"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202506-0937

    Vulnerability from variot - Updated: 2025-06-27 22:57

    A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK EX1200T is a Wi-Fi range extender from China's TOTOLINK Electronics. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0937",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.2cu.5232_b20210713"
          },
          {
            "model": "ex1200t 4.1.2cu.5232 b20210713",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13785"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6162"
          }
        ]
      },
      "cve": "CVE-2025-6162",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-6162",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-13785",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-6162",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-6162",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-13785",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13785"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6162"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK EX1200T is a Wi-Fi range extender from China\u0027s TOTOLINK Electronics. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-6162"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13785"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-6162",
            "trust": 1.6
          },
          {
            "db": "VULDB",
            "id": "312637",
            "trust": 1.0
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13785",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13785"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6162"
          }
        ]
      },
      "id": "VAR-202506-0937",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13785"
          }
        ],
        "trust": 1.2374999999999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13785"
          }
        ]
      },
      "last_update_date": "2025-06-27T22:57:43.223000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-6162"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?id.312637"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/lena-lyy/cve/blob/main/688/8.md"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/lena-lyy/cve/blob/main/688/8.md#poc"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.312637"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?submit.593600"
          },
          {
            "trust": 1.0,
            "url": "https://www.totolink.net/"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-6162"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13785"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6162"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13785"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-6162"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-13785"
          },
          {
            "date": "2025-06-17T05:15:22.053000",
            "db": "NVD",
            "id": "CVE-2025-6162"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-13785"
          },
          {
            "date": "2025-06-23T19:20:50.197000",
            "db": "NVD",
            "id": "CVE-2025-6162"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK EX1200T /boafrm/formMultiAP file buffer overflow vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13785"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202506-0507

    Vulnerability from variot - Updated: 2025-06-21 23:39

    A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0507",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex1200t",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.2cu.5232_b20210713"
          },
          {
            "model": "ex1200t",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex1200t  firmware  4.1.2cu.5232 b20210713  and earlier"
          },
          {
            "model": "ex1200t",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t \u003c=4.1.2cu.5232 b20210713",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12871"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007107"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5908"
          }
        ]
      },
      "cve": "CVE-2025-5908",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-5908",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-007107",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-12871",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-5908",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-007107",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-5908",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-007107",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-12871",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12871"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007107"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5908"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China\u0027s TOTOLINK Electronics. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-5908"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007107"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12871"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-5908",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "311681",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007107",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12871",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12871"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007107"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5908"
          }
        ]
      },
      "id": "VAR-202506-0507",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12871"
          }
        ],
        "trust": 1.2374999999999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12871"
          }
        ]
      },
      "last_update_date": "2025-06-21T23:39:19.667000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [NVD evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007107"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5908"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/byxs0x0/cve2/blob/main/4.md"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.311681"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.592269"
          },
          {
            "trust": 1.8,
            "url": "https://www.totolink.net/"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.311681"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-5908"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12871"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007107"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5908"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12871"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007107"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5908"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12871"
          },
          {
            "date": "2025-06-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-007107"
          },
          {
            "date": "2025-06-10T01:15:24.167000",
            "db": "NVD",
            "id": "CVE-2025-5908"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12871"
          },
          {
            "date": "2025-06-17T02:59:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-007107"
          },
          {
            "date": "2025-06-16T17:21:32.227000",
            "db": "NVD",
            "id": "CVE-2025-5908"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 Classic buffer overflow vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007107"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202506-0531

    Vulnerability from variot - Updated: 2025-06-21 23:30

    A vulnerability was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formDMZ of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0531",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.2cu.5232_b20210713"
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex1200t  firmware  4.1.2cu.5232 b20210713"
          },
          {
            "model": "ex1200t",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t \u003c=4.1.2cu.5232 b20210713",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12870"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007039"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5911"
          }
        ]
      },
      "cve": "CVE-2025-5911",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-5911",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-007039",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-12870",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-5911",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-007039",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-5911",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2025-5911",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-007039",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-12870",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12870"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007039"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5911"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5911"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formDMZ of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China\u0027s TOTOLINK Electronics. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-5911"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007039"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12870"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-5911",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "311684",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007039",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12870",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12870"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007039"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5911"
          }
        ]
      },
      "id": "VAR-202506-0531",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12870"
          }
        ],
        "trust": 1.2374999999999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12870"
          }
        ]
      },
      "last_update_date": "2025-06-21T23:30:41.180000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [NVD evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007039"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5911"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/byxs0x0/cve2/blob/main/7.md"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.311684"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.592272"
          },
          {
            "trust": 1.8,
            "url": "https://www.totolink.net/"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.311684"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-5911"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12870"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007039"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5911"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12870"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007039"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5911"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12870"
          },
          {
            "date": "2025-06-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-007039"
          },
          {
            "date": "2025-06-10T03:15:39.060000",
            "db": "NVD",
            "id": "CVE-2025-5911"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12870"
          },
          {
            "date": "2025-06-17T00:57:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-007039"
          },
          {
            "date": "2025-06-16T17:06:20.300000",
            "db": "NVD",
            "id": "CVE-2025-5911"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 Classic buffer overflow vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007039"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202506-0487

    Vulnerability from variot - Updated: 2025-06-21 23:30

    A vulnerability has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWsc of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0487",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex1200t",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.2cu.5232_b20210713"
          },
          {
            "model": "ex1200t",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex1200t  firmware  4.1.2cu.5232 b20210713  and earlier"
          },
          {
            "model": "ex1200t",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t \u003c=4.1.2cu.5232 b20210713",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12872"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007148"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5910"
          }
        ]
      },
      "cve": "CVE-2025-5910",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-5910",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-007148",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-12872",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-5910",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-007148",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-5910",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-007148",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-12872",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12872"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007148"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5910"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWsc of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China\u0027s TOTOLINK Electronics. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-5910"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007148"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12872"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-5910",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "311683",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007148",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12872",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12872"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007148"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5910"
          }
        ]
      },
      "id": "VAR-202506-0487",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12872"
          }
        ],
        "trust": 1.2374999999999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12872"
          }
        ]
      },
      "last_update_date": "2025-06-21T23:30:12.356000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [NVD evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007148"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5910"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/byxs0x0/cve2/blob/main/6.md"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.311683"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.592271"
          },
          {
            "trust": 1.8,
            "url": "https://www.totolink.net/"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.311683"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-5910"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12872"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007148"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5910"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12872"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007148"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5910"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12872"
          },
          {
            "date": "2025-06-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-007148"
          },
          {
            "date": "2025-06-10T03:15:38.583000",
            "db": "NVD",
            "id": "CVE-2025-5910"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12872"
          },
          {
            "date": "2025-06-17T04:41:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-007148"
          },
          {
            "date": "2025-06-16T17:13:58.870000",
            "db": "NVD",
            "id": "CVE-2025-5910"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 Classic buffer overflow vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007148"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202506-0520

    Vulnerability from variot - Updated: 2025-06-21 23:25

    A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a wireless router produced by China's TOTOLINK Electronics. Attackers can exploit this vulnerability to execute arbitrary code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0520",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex1200t",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.2cu.5232_b20210713"
          },
          {
            "model": "ex1200t",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex1200t  firmware  4.1.2cu.5232 b20210713  and earlier"
          },
          {
            "model": "ex1200t",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t 4.1.2cu.5232 b20210713",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12873"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007149"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5909"
          }
        ]
      },
      "cve": "CVE-2025-5909",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-5909",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-007149",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-12873",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-5909",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-007149",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-5909",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-007149",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-12873",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12873"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007149"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5909"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a wireless router produced by China\u0027s TOTOLINK Electronics. Attackers can exploit this vulnerability to execute arbitrary code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-5909"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007149"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12873"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-5909",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "311682",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007149",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12873",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12873"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007149"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5909"
          }
        ]
      },
      "id": "VAR-202506-0520",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12873"
          }
        ],
        "trust": 1.2374999999999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12873"
          }
        ]
      },
      "last_update_date": "2025-06-21T23:25:07.284000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [NVD evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007149"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5909"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/byxs0x0/cve2/blob/main/5.md"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.311682"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.592270"
          },
          {
            "trust": 1.8,
            "url": "https://www.totolink.net/"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.311682"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-5909"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12873"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007149"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5909"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12873"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007149"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5909"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12873"
          },
          {
            "date": "2025-06-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-007149"
          },
          {
            "date": "2025-06-10T02:15:21.007000",
            "db": "NVD",
            "id": "CVE-2025-5909"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12873"
          },
          {
            "date": "2025-06-17T04:41:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-007149"
          },
          {
            "date": "2025-06-16T17:14:56.647000",
            "db": "NVD",
            "id": "CVE-2025-5909"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 Classic buffer overflow vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007149"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202506-0521

    Vulnerability from variot - Updated: 2025-06-19 23:37

    A vulnerability classified as critical was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a wireless router produced by TOTOLINK. A remote attacker can exploit this vulnerability to cause a buffer overflow and execute arbitrary code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0521",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex1200t",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.2cu.5232_b20210713"
          },
          {
            "model": "ex1200t",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex1200t  firmware  4.1.2cu.5232 b20210713  and earlier"
          },
          {
            "model": "ex1200t",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t 4.1.2cu.5232 b20210713",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12751"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007040"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5907"
          }
        ]
      },
      "cve": "CVE-2025-5907",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-5907",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-007040",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-12751",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-5907",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-007040",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-5907",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-007040",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-12751",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12751"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007040"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5907"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability classified as critical was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a wireless router produced by TOTOLINK. A remote attacker can exploit this vulnerability to cause a buffer overflow and execute arbitrary code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-5907"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007040"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12751"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-5907",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "311680",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007040",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12751",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12751"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007040"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5907"
          }
        ]
      },
      "id": "VAR-202506-0521",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12751"
          }
        ],
        "trust": 1.2374999999999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12751"
          }
        ]
      },
      "last_update_date": "2025-06-19T23:37:55.941000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [NVD evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007040"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5907"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/byxs0x0/cve2/blob/main/3.md"
          },
          {
            "trust": 2.4,
            "url": "https://vuldb.com/?id.311680"
          },
          {
            "trust": 2.4,
            "url": "https://vuldb.com/?submit.592267"
          },
          {
            "trust": 2.4,
            "url": "https://www.totolink.net/"
          },
          {
            "trust": 1.6,
            "url": "https://vuldb.com/?ctiid.311680"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-5907"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12751"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007040"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5907"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12751"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007040"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5907"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12751"
          },
          {
            "date": "2025-06-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-007040"
          },
          {
            "date": "2025-06-10T01:15:23.963000",
            "db": "NVD",
            "id": "CVE-2025-5907"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12751"
          },
          {
            "date": "2025-06-17T00:57:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-007040"
          },
          {
            "date": "2025-06-16T17:22:27.860000",
            "db": "NVD",
            "id": "CVE-2025-5907"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 Classic buffer overflow vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007040"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202401-0875

    Vulnerability from variot - Updated: 2025-06-17 23:14

    TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function. TOTOLINK EX1200T is a Wi-Fi range extender from China's Zeon Electronics (TOTOLINK) company.

    TOTOLINK EX1200T V4.1.2cu.5232_B20210713 version has a command injection vulnerability. This vulnerability is caused by the failure of the main method to correctly filter special characters, commands, etc. in the constructed command

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202401-0875",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.2cu.5232_b20210713"
          },
          {
            "model": "ex1200t v4.1.2cu.5232 b20210713",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-04914"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-52032"
          }
        ]
      },
      "cve": "CVE-2023-52032",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2024-04914",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-52032",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-52032",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2023-52032",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2024-04914",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-04914"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-52032"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-52032"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the \"main\" function. TOTOLINK EX1200T is a Wi-Fi range extender from China\u0027s Zeon Electronics (TOTOLINK) company. \n\r\n\r\nTOTOLINK EX1200T V4.1.2cu.5232_B20210713 version has a command injection vulnerability. This vulnerability is caused by the failure of the main method to correctly filter special characters, commands, etc. in the constructed command",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-52032"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-04914"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-52032",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-04914",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-04914"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-52032"
          }
        ]
      },
      "id": "VAR-202401-0875",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-04914"
          }
        ],
        "trust": 1.2374999999999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-04914"
          }
        ]
      },
      "last_update_date": "2025-06-17T23:14:18.138000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for TOTOLINK EX1200T command injection vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/518081"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-04914"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-52032"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://815yang.github.io/2023/12/24/cve6/ex1200t_v4.1.2cu.5232_b20210713_downloadflile/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-04914"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-52032"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-04914"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-52032"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-01-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-04914"
          },
          {
            "date": "2024-01-11T09:15:47.483000",
            "db": "NVD",
            "id": "CVE-2023-52032"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-01-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-04914"
          },
          {
            "date": "2025-06-17T15:15:37.040000",
            "db": "NVD",
            "id": "CVE-2023-52032"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK EX1200T command injection vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-04914"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202506-0408

    Vulnerability from variot - Updated: 2025-06-15 23:46

    A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China's TOTOLINK Electronics. The vulnerability is caused by the parameter service_type in the file /boafrm/formPortFw failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0408",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.2cu.5232_b20210713"
          },
          {
            "model": "ex1200t",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex1200t  firmware  4.1.2cu.5232 b20210713"
          },
          {
            "model": "ex1200t 4.1.2cu.5232 b20210713",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12072"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006878"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5793"
          }
        ]
      },
      "cve": "CVE-2025-5793",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-5793",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-006878",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-12072",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-5793",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-5793",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-006878",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-5793",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2025-5793",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-006878",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-12072",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12072"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006878"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5793"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5793"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China\u0027s TOTOLINK Electronics. The vulnerability is caused by the parameter service_type in the file /boafrm/formPortFw failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-5793"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006878"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12072"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-5793",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "311340",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006878",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12072",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12072"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006878"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5793"
          }
        ]
      },
      "id": "VAR-202506-0408",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12072"
          }
        ],
        "trust": 1.2374999999999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12072"
          }
        ]
      },
      "last_update_date": "2025-06-15T23:46:35.323000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006878"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5793"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/byxs0x0/cve2/blob/main/2.md"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.311340"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.591222"
          },
          {
            "trust": 1.8,
            "url": "https://www.totolink.net/"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.311340"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-5793"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12072"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006878"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5793"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12072"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006878"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5793"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12072"
          },
          {
            "date": "2025-06-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-006878"
          },
          {
            "date": "2025-06-06T18:15:36.227000",
            "db": "NVD",
            "id": "CVE-2025-5793"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12072"
          },
          {
            "date": "2025-06-13T08:43:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-006878"
          },
          {
            "date": "2025-06-12T16:20:02.057000",
            "db": "NVD",
            "id": "CVE-2025-5793"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 Buffer error vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006878"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202504-3422

    Vulnerability from variot - Updated: 2025-06-15 23:45

    TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setWebWlanIdx function through the webWlanIdx parameter. TOTOLINK of ex1200t The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a wireless router from TOTOLINK that provides convenient network connection and management functions. Attackers can use this vulnerability to execute arbitrary commands

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202504-3422",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.2cu.5232_b20210713"
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex1200t  firmware  4.1.2cu.5232 b20210713"
          },
          {
            "model": "ex1200t 4.1.2cu.5232 b20210713",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12388"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-004142"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-28038"
          }
        ]
      },
      "cve": "CVE-2025-28038",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-12388",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-28038",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-004142",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2025-28038",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-004142",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-12388",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12388"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-004142"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-28038"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setWebWlanIdx function through the webWlanIdx parameter. TOTOLINK of ex1200t The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a wireless router from TOTOLINK that provides convenient network connection and management functions. Attackers can use this vulnerability to execute arbitrary commands",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-28038"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-004142"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12388"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-28038",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-004142",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12388",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12388"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-004142"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-28038"
          }
        ]
      },
      "id": "VAR-202504-3422",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12388"
          }
        ],
        "trust": 1.2374999999999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12388"
          }
        ]
      },
      "last_update_date": "2025-06-15T23:45:49.957000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-004142"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-28038"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://locrian-lightning-dc7.notion.site/rce1-1ad8e5e2b1a28030a1c8febac89935a0"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-28038"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12388"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-004142"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-28038"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12388"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-004142"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-28038"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12388"
          },
          {
            "date": "2025-04-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-004142"
          },
          {
            "date": "2025-04-22T18:15:59.377000",
            "db": "NVD",
            "id": "CVE-2025-28038"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12388"
          },
          {
            "date": "2025-04-30T08:04:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-004142"
          },
          {
            "date": "2025-04-29T16:02:01.753000",
            "db": "NVD",
            "id": "CVE-2025-28038"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-004142"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202506-0294

    Vulnerability from variot - Updated: 2025-06-15 23:34

    A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument LangType leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China's TOTOLINK Electronics. The vulnerability is caused by the parameter LangType in the file /cgi-bin/cstecgi.cgi failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0294",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.2cu.5232_b20210713"
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex1200t  firmware  4.1.2cu.5232 b20210713"
          },
          {
            "model": "ex1200t",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t 4.1.2cu.5232 b20210713",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12071"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006625"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5600"
          }
        ]
      },
      "cve": "CVE-2025-5600",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2025-5600",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-006625",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-12071",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-5600",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-006625",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-5600",
                "trust": 1.0,
                "value": "Critical"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-006625",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-12071",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12071"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006625"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5600"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument LangType leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China\u0027s TOTOLINK Electronics. The vulnerability is caused by the parameter LangType in the file /cgi-bin/cstecgi.cgi failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-5600"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006625"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12071"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-5600",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "311087",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006625",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12071",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12071"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006625"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5600"
          }
        ]
      },
      "id": "VAR-202506-0294",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12071"
          }
        ],
        "trust": 1.2374999999999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12071"
          }
        ]
      },
      "last_update_date": "2025-06-15T23:34:34.846000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006625"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5600"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://kn0sinna.notion.site/totolink-ex1200t-stack-based-bufferoverflow-vulnerability-204b1876cd6e80709ce8dab4778dce55"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.311087"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.588075"
          },
          {
            "trust": 1.8,
            "url": "https://www.totolink.net/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-5600"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.311087"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12071"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006625"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5600"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12071"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006625"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5600"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12071"
          },
          {
            "date": "2025-06-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-006625"
          },
          {
            "date": "2025-06-04T18:15:38.817000",
            "db": "NVD",
            "id": "CVE-2025-5600"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12071"
          },
          {
            "date": "2025-06-11T02:01:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-006625"
          },
          {
            "date": "2025-06-10T15:09:46.277000",
            "db": "NVD",
            "id": "CVE-2025-5600"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006625"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202506-0388

    Vulnerability from variot - Updated: 2025-06-15 19:34

    A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formWlanRedirect of the component HTTP POST Request Handler. The manipulation of the argument redirect-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. TOTOLINK EX1200T is a wireless router produced by China's TOTOLINK Electronics. Attackers can exploit this vulnerability to crash the application or execute arbitrary code in the context of the application

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0388",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.2cu.5232_b20210713"
          },
          {
            "model": "ex1200t",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex1200t  firmware  4.1.2cu.5232 b20210713"
          },
          {
            "model": "ex1200t 4.1.2cu.5232 b20210713",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12070"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006823"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5792"
          }
        ]
      },
      "cve": "CVE-2025-5792",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-5792",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-006823",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-12070",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-5792",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-5792",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-006823",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-5792",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2025-5792",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-006823",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-12070",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12070"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006823"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5792"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5792"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formWlanRedirect of the component HTTP POST Request Handler. The manipulation of the argument redirect-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of ex1200t The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. TOTOLINK EX1200T is a wireless router produced by China\u0027s TOTOLINK Electronics. Attackers can exploit this vulnerability to crash the application or execute arbitrary code in the context of the application",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-5792"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006823"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12070"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-5792",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "311339",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006823",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12070",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12070"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006823"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5792"
          }
        ]
      },
      "id": "VAR-202506-0388",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12070"
          }
        ],
        "trust": 1.2374999999999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12070"
          }
        ]
      },
      "last_update_date": "2025-06-15T19:34:10.663000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006823"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5792"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/byxs0x0/cve2/blob/main/1.md"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.311339"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.591220"
          },
          {
            "trust": 1.8,
            "url": "https://www.totolink.net/"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.311339"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-5792"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12070"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006823"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5792"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12070"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006823"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5792"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12070"
          },
          {
            "date": "2025-06-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-006823"
          },
          {
            "date": "2025-06-06T18:15:36.030000",
            "db": "NVD",
            "id": "CVE-2025-5792"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12070"
          },
          {
            "date": "2025-06-13T01:58:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-006823"
          },
          {
            "date": "2025-06-12T16:20:11.397000",
            "db": "NVD",
            "id": "CVE-2025-5792"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 Buffer error vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006823"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202504-3330

    Vulnerability from variot - Updated: 2025-06-12 02:23

    TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setUpgradeFW function through the FileName parameter. TOTOLINK of ex1200t The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a dual-band wireless signal amplifier, mainly used to expand the coverage of existing wireless networks.

    TOTOLINK EX1200T has a code execution vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the target system, thereby gaining full control of the system

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202504-3330",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.2cu.5232_b20210713"
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex1200t  firmware  4.1.2cu.5232 b20210713"
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t v4.1.2cu.5232 b20210713",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12014"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-004097"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-28039"
          }
        ]
      },
      "cve": "CVE-2025-28039",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-12014",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-28039",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-004097",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2025-28039",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-004097",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-12014",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12014"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-004097"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-28039"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setUpgradeFW function through the FileName parameter. TOTOLINK of ex1200t The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a dual-band wireless signal amplifier, mainly used to expand the coverage of existing wireless networks. \n\nTOTOLINK EX1200T has a code execution vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the target system, thereby gaining full control of the system",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-28039"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-004097"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12014"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-28039",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-004097",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12014",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12014"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-004097"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-28039"
          }
        ]
      },
      "id": "VAR-202504-3330",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12014"
          }
        ],
        "trust": 1.2374999999999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12014"
          }
        ]
      },
      "last_update_date": "2025-06-12T02:23:39.897000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-004097"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-28039"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://locrian-lightning-dc7.notion.site/rce2-1ad8e5e2b1a280fbb0cacc7e758e7299"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-28039"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12014"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-004097"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-28039"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12014"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-004097"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-28039"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12014"
          },
          {
            "date": "2025-04-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-004097"
          },
          {
            "date": "2025-04-22T18:15:59.500000",
            "db": "NVD",
            "id": "CVE-2025-28039"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12014"
          },
          {
            "date": "2025-04-30T05:07:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-004097"
          },
          {
            "date": "2025-04-29T16:01:14.980000",
            "db": "NVD",
            "id": "CVE-2025-28039"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-004097"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202206-0123

    Vulnerability from variot - Updated: 2024-11-23 23:07

    TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack. TOTOLINK of ex1200t The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202206-0123",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.2cu.5215"
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex1200t  firmware  4.1.2cu.5215"
          },
          {
            "model": "ex1200t",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t v4.1.2cu.5215",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53570"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019782"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42888"
          }
        ]
      },
      "cve": "CVE-2021-42888",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-42888",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-53570",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-42888",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-42888",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-42888",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-42888",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-53570",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202206-457",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-42888",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53570"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42888"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019782"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-457"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42888"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack. TOTOLINK of ex1200t The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-42888"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019782"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-53570"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42888"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-42888",
            "trust": 3.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019782",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-53570",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-457",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42888",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53570"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42888"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019782"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-457"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42888"
          }
        ]
      },
      "id": "VAR-202206-0123",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53570"
          }
        ],
        "trust": 1.2374999999999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53570"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:07:20.273000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019782"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42888"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://github.com/p1kk/vuln/blob/main/totolink_ex1200t_langtype_rce.md"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42888"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2021-42888/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/77.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53570"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42888"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019782"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-457"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42888"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53570"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42888"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019782"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-457"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42888"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-53570"
          },
          {
            "date": "2022-06-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-42888"
          },
          {
            "date": "2023-08-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-019782"
          },
          {
            "date": "2022-06-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202206-457"
          },
          {
            "date": "2022-06-03T14:15:08.110000",
            "db": "NVD",
            "id": "CVE-2021-42888"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-53570"
          },
          {
            "date": "2022-06-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-42888"
          },
          {
            "date": "2023-08-17T08:36:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-019782"
          },
          {
            "date": "2022-06-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202206-457"
          },
          {
            "date": "2024-11-21T06:28:16.690000",
            "db": "NVD",
            "id": "CVE-2021-42888"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-457"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019782"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-457"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202206-0354

    Vulnerability from variot - Updated: 2024-11-23 23:07

    In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware. TOTOLINK of ex1200t A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information may be tampered with. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202206-0354",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.2cu.5215"
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex1200t  firmware  4.1.2cu.5215"
          },
          {
            "model": "ex1200t",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t v4.1.2cu.5215",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53564"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019778"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42892"
          }
        ]
      },
      "cve": "CVE-2021-42892",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-42892",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-53564",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-42892",
                "impactScore": 1.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2021-42892",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-42892",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-42892",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-53564",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202206-458",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-42892",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53564"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42892"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019778"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-458"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42892"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware. TOTOLINK of ex1200t A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information may be tampered with. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-42892"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019778"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-53564"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42892"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-42892",
            "trust": 3.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019778",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-53564",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-458",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42892",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53564"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42892"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019778"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-458"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42892"
          }
        ]
      },
      "id": "VAR-202206-0354",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53564"
          }
        ],
        "trust": 1.2374999999999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53564"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:07:20.061000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.0
          },
          {
            "problemtype": "Use hard-coded credentials (CWE-798) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019778"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42892"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://github.com/p1kk/vuln/blob/main/totolink_ex1200t_telnet_default.md"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42892"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2021-42892/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/798.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53564"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42892"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019778"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-458"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42892"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53564"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42892"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019778"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-458"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42892"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-53564"
          },
          {
            "date": "2022-06-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-42892"
          },
          {
            "date": "2023-08-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-019778"
          },
          {
            "date": "2022-06-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202206-458"
          },
          {
            "date": "2022-06-03T17:15:07.607000",
            "db": "NVD",
            "id": "CVE-2021-42892"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-53564"
          },
          {
            "date": "2022-06-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-42892"
          },
          {
            "date": "2023-08-17T08:36:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-019778"
          },
          {
            "date": "2022-06-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202206-458"
          },
          {
            "date": "2024-11-21T06:28:17.293000",
            "db": "NVD",
            "id": "CVE-2021-42892"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-458"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK EX1200T Trust Management Issue Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53564"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-458"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-458"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202206-0322

    Vulnerability from variot - Updated: 2024-11-23 23:00

    In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. TOTOLINK of ex1200t There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202206-0322",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.2cu.5215"
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex1200t  firmware  4.1.2cu.5215"
          },
          {
            "model": "ex1200t",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t 4.1.2cu.5215",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-46173"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019783"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42887"
          }
        ]
      },
      "cve": "CVE-2021-42887",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-42887",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-46173",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-42887",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-42887",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-42887",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-42887",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-46173",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202206-454",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-42887",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-46173"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42887"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019783"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-454"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42887"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. TOTOLINK of ex1200t There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-42887"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019783"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-46173"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42887"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-42887",
            "trust": 3.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019783",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-46173",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-454",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42887",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-46173"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42887"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019783"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-454"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42887"
          }
        ]
      },
      "id": "VAR-202206-0322",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-46173"
          }
        ],
        "trust": 1.2374999999999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-46173"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:00:49.161000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019783"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42887"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://github.com/p1kk/vuln/blob/main/totolink_ex1200t_login_bypass.md"
          },
          {
            "trust": 1.2,
            "url": "https://cxsecurity.com/cveshow/cve-2021-42887/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42887"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-46173"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42887"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019783"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-454"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42887"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-46173"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42887"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019783"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-454"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42887"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-06-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-46173"
          },
          {
            "date": "2022-06-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-42887"
          },
          {
            "date": "2023-08-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-019783"
          },
          {
            "date": "2022-06-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202206-454"
          },
          {
            "date": "2022-06-03T12:15:07.933000",
            "db": "NVD",
            "id": "CVE-2021-42887"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-06-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-46173"
          },
          {
            "date": "2022-06-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-42887"
          },
          {
            "date": "2023-08-17T08:36:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-019783"
          },
          {
            "date": "2022-06-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202206-454"
          },
          {
            "date": "2024-11-21T06:28:16.540000",
            "db": "NVD",
            "id": "CVE-2021-42887"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-454"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 Firmware vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019783"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-454"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202206-0176

    Vulnerability from variot - Updated: 2024-11-23 22:54

    TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack. TOTOLINK of ex1200t The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202206-0176",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.2cu.5215"
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex1200t  firmware  4.1.2cu.5215"
          },
          {
            "model": "ex1200t",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t v4.1.2cu.5215",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53569"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019780"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42890"
          }
        ]
      },
      "cve": "CVE-2021-42890",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-42890",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-53569",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-42890",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-42890",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-42890",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-42890",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-53569",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202206-456",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-42890",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53569"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42890"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019780"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-456"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42890"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack. TOTOLINK of ex1200t The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-42890"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019780"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-53569"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42890"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-42890",
            "trust": 3.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019780",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-53569",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-456",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42890",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53569"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42890"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019780"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-456"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42890"
          }
        ]
      },
      "id": "VAR-202206-0176",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53569"
          }
        ],
        "trust": 1.2374999999999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53569"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:54:34.103000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019780"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42890"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://github.com/p1kk/vuln/blob/main/totolink_ex1200t_hosttime_rce.md"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42890"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2021-42890/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/77.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53569"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42890"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019780"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-456"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42890"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53569"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42890"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019780"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-456"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42890"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-53569"
          },
          {
            "date": "2022-06-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-42890"
          },
          {
            "date": "2023-08-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-019780"
          },
          {
            "date": "2022-06-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202206-456"
          },
          {
            "date": "2022-06-03T15:15:08.193000",
            "db": "NVD",
            "id": "CVE-2021-42890"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-53569"
          },
          {
            "date": "2022-06-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-42890"
          },
          {
            "date": "2023-08-17T08:36:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-019780"
          },
          {
            "date": "2022-06-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202206-456"
          },
          {
            "date": "2024-11-21T06:28:17.003000",
            "db": "NVD",
            "id": "CVE-2021-42890"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-456"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019780"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-456"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202206-0218

    Vulnerability from variot - Updated: 2024-11-23 22:54

    TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control thedeviceName to attack. TOTOLINK of ex1200t The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202206-0218",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.2cu.5215"
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex1200t  firmware  4.1.2cu.5215"
          },
          {
            "model": "ex1200t",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t v4.1.2cu.5215",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53573"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019786"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42884"
          }
        ]
      },
      "cve": "CVE-2021-42884",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-42884",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-53573",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-42884",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-42884",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-42884",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-42884",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-53573",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202206-453",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-42884",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53573"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42884"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019786"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-453"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42884"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control thedeviceName to attack. TOTOLINK of ex1200t The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-42884"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019786"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-53573"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42884"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-42884",
            "trust": 3.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019786",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-53573",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-453",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42884",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53573"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42884"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019786"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-453"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42884"
          }
        ]
      },
      "id": "VAR-202206-0218",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53573"
          }
        ],
        "trust": 1.2374999999999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53573"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:54:34.053000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019786"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42884"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://github.com/p1kk/vuln/blob/main/totolink_ex1200t_devicename_rce.md"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42884"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2021-42884/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/77.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53573"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42884"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019786"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-453"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42884"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53573"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42884"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019786"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-453"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42884"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-53573"
          },
          {
            "date": "2022-06-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-42884"
          },
          {
            "date": "2023-08-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-019786"
          },
          {
            "date": "2022-06-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202206-453"
          },
          {
            "date": "2022-06-03T11:15:12.417000",
            "db": "NVD",
            "id": "CVE-2021-42884"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-53573"
          },
          {
            "date": "2022-06-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-42884"
          },
          {
            "date": "2023-08-17T08:36:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-019786"
          },
          {
            "date": "2022-06-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202206-453"
          },
          {
            "date": "2024-11-21T06:28:16.100000",
            "db": "NVD",
            "id": "CVE-2021-42884"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-453"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK EX1200T Command Injection Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53573"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-453"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-453"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202206-0003

    Vulnerability from variot - Updated: 2024-11-23 22:47

    In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization. TOTOLINK of ex1200t Firmware has a lack of authentication vulnerability for critical functionality.Information may be obtained. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202206-0003",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.2cu.5215"
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "ex1200t  firmware  4.1.2cu.5215"
          },
          {
            "model": "ex1200t",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t v4.1.2cu.5215",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53565"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019781"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42889"
          }
        ]
      },
      "cve": "CVE-2021-42889",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-42889",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-53565",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-42889",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-42889",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-42889",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-42889",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-53565",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202206-459",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-42889",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53565"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42889"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019781"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-459"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42889"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization. TOTOLINK of ex1200t Firmware has a lack of authentication vulnerability for critical functionality.Information may be obtained. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-42889"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019781"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-53565"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42889"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-42889",
            "trust": 3.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019781",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-53565",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-459",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42889",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53565"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42889"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019781"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-459"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42889"
          }
        ]
      },
      "id": "VAR-202206-0003",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53565"
          }
        ],
        "trust": 1.2374999999999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53565"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:47:21.777000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-306",
            "trust": 1.0
          },
          {
            "problemtype": "Lack of authentication for critical features (CWE-306) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019781"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42889"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://github.com/p1kk/vuln/blob/main/totolink_ex1200t_getwifiapconfig_leak.md"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42889"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2021-42889/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/200.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53565"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42889"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019781"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-459"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42889"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53565"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-42889"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019781"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-459"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-42889"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-53565"
          },
          {
            "date": "2022-06-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-42889"
          },
          {
            "date": "2023-08-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-019781"
          },
          {
            "date": "2022-06-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202206-459"
          },
          {
            "date": "2022-06-03T15:15:08.150000",
            "db": "NVD",
            "id": "CVE-2021-42889"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-53565"
          },
          {
            "date": "2022-06-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-42889"
          },
          {
            "date": "2023-08-17T08:36:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-019781"
          },
          {
            "date": "2022-06-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202206-459"
          },
          {
            "date": "2024-11-21T06:28:16.860000",
            "db": "NVD",
            "id": "CVE-2021-42889"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-459"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0ex1200t\u00a0 Vulnerability related to lack of authentication for critical functions in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-019781"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-459"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202203-1928

    Vulnerability from variot - Updated: 2024-11-23 22:40

    totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an authentication mechanism. TOTOLINK of ex300 v2 firmware and ex1200t Firmware has a lack of authentication vulnerability for critical functionality.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX300 is a 300 Mbps wireless N range extender from China TotoLink company, TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK company.

    An access control error vulnerability exists in TOTOLINK EX300_v2 and EX1200T. The vulnerability stems from the device web server not performing any authentication, allowing an attacker to access the web ui and perform any actions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202203-1928",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ex1200t",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.2cu.5230_b20210706"
          },
          {
            "model": "ex300 v2",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.0.3c.140_b20210429"
          },
          {
            "model": "ex300 v2",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex300 v2 v4.0.3c.140 b20210429",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "ex1200t v4.1.2cu.5230 b20210706",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-55141"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007450"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25008"
          }
        ]
      },
      "cve": "CVE-2022-25008",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CVE-2022-25008",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2022-55141",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2022-25008",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-25008",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-25008",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-25008",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-55141",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202203-2635",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-55141"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007450"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2635"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25008"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an authentication mechanism. TOTOLINK of ex300 v2 firmware and ex1200t Firmware has a lack of authentication vulnerability for critical functionality.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX300 is a 300 Mbps wireless N range extender from China TotoLink company, TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK company. \n\r\n\r\nAn access control error vulnerability exists in TOTOLINK EX300_v2 and EX1200T. The vulnerability stems from the device web server not performing any authentication, allowing an attacker to access the web ui and perform any actions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-25008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007450"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-55141"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-25008",
            "trust": 3.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007450",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-55141",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2635",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-55141"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007450"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2635"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25008"
          }
        ]
      },
      "id": "VAR-202203-1928",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-55141"
          }
        ],
        "trust": 1.3291666666666666
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-55141"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:40:30.872000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-306",
            "trust": 1.0
          },
          {
            "problemtype": "Lack of authentication for critical features (CWE-306) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007450"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25008"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/chibataiki/iot-vuls/blob/main/totolink/missing-authentication.md"
          },
          {
            "trust": 1.2,
            "url": "https://cxsecurity.com/cveshow/cve-2022-25008/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25008"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-55141"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007450"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2635"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25008"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-55141"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007450"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2635"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-25008"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-08-04T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-55141"
          },
          {
            "date": "2023-07-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-007450"
          },
          {
            "date": "2022-03-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-2635"
          },
          {
            "date": "2022-03-30T23:15:08.093000",
            "db": "NVD",
            "id": "CVE-2022-25008"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-08-04T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-55141"
          },
          {
            "date": "2023-07-14T08:38:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-007450"
          },
          {
            "date": "2022-04-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-2635"
          },
          {
            "date": "2024-11-21T06:51:32.073000",
            "db": "NVD",
            "id": "CVE-2022-25008"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2635"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0ex300\u00a0v2\u00a0 firmware and \u00a0ex1200t\u00a0 Vulnerability related to lack of authentication for critical functions in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007450"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "access control error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2635"
          }
        ],
        "trust": 0.6
      }
    }