Wang_Lun

**Name of the Vulnerable Software and Affected Versions** TOTOLINK EX1200T version 4.1.2cu.5232 B20210713 **Description** A critical vulnerability was found in the HTTP POST Request Handler component, affecting the file /boafrm/formSaveConfig. The manipulation of the `submit-url` argument leads to a buffer overflow. This issue can be initiated remotely. **Recommendations** For TOTOLINK EX1200T version 4.1.2cu.5232 B20210713, as a temporary workaround, consider restricting access to the `/boafrm/formSaveConfig` endpoint to minimize the risk of exploitation. Avoid using the `submit-url` argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK EX1200T version 4.1.2cu.5232 B20210713 **Description** A critical vulnerability has been found in the TOTOLINK EX1200T, affecting an unknown part of the file /boafrm/formWirelessTbl of the component HTTP POST Request Handler. The manipulation of the `submit-url` argument leads to a buffer overflow. This issue can be initiated remotely. **Recommendations** As a temporary workaround, consider disabling the HTTP POST Request Handler until a patch is available. Restrict access to the /boafrm/formWirelessTbl file to minimize the risk of exploitation. Avoid using the `submit-url` argument in the affected HTTP POST requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK EX1200T version 4.1.2cu.5232 B20210713 **Description** A critical issue has been found in the HTTP POST Request Handler component, affecting the processing of the file `/boafrm/formStats`. This leads to a buffer overflow. The attack can be initiated remotely. **Recommendations** For TOTOLINK EX1200T version 4.1.2cu.5232 B20210713, consider restricting access to the `/boafrm/formStats` file to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling the HTTP POST Request Handler component until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK EX1200T version 4.1.2cu.5232 B20210713 **Description** A critical issue affects an unknown functionality of the file /boafrm/formDMZ of the component HTTP POST Request Handler, leading to a buffer overflow. The attack can be launched remotely. **Recommendations** For version 4.1.2cu.5232 B20210713, consider disabling the HTTP POST Request Handler functionality until a patch is available to prevent remote exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK EX1200T version 4.1.2cu.5232 B20210713 **Description** A critical issue has been detected in the HTTP POST Request Handler component, specifically affecting an unknown functionality of the file /boafrm/formWsc. The manipulation of this functionality leads to a buffer overflow. This issue can be exploited remotely. **Recommendations** For version 4.1.2cu.5232 B20210713, consider disabling the HTTP POST Request Handler component until a patch is available to prevent remote exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK EX1200T versions up to 4.1.2cu.5232 B20210713 **Description** A critical vulnerability was found in the HTTP POST Request Handler component, affecting the /boafrm/formFilter file. This issue leads to a buffer overflow and can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For TOTOLINK EX1200T versions up to 4.1.2cu.5232 B20210713, consider restricting access to the HTTP POST Request Handler until a patch is available. As a temporary workaround, avoid using the /boafrm/formFilter file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK EX1200T versions up to 4.1.2cu.5232 B20210713 **Description** A critical issue has been found in the HTTP POST Request Handler component, affecting the processing of the file /boafrm/formIpQoS. This leads to a buffer overflow. The attack can be initiated remotely. **Recommendations** For versions up to 4.1.2cu.5232 B20210713, consider restricting access to the /boafrm/formIpQoS file to minimize the risk of exploitation. As a temporary workaround, avoid using the HTTP POST Request Handler until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK EX1200T version 4.1.2cu.5232 B20210713 **Description** A critical issue has been found in the HTTP POST Request Handler component, affecting the processing of the file /boafrm/formWlanRedirect. The manipulation of the `redirect-url` argument leads to a buffer overflow. This issue can be exploited remotely. **Recommendations** For TOTOLINK EX1200T version 4.1.2cu.5232 B20210713, as a temporary workaround, consider restricting access to the /boafrm/formWlanRedirect file to minimize the risk of exploitation. Avoid using the `redirect-url` argument in the affected HTTP POST request handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK EX1200T versions 4.1.2cu.5232 B20210713 and earlier **Description** A critical issue was found in the HTTP POST Request Handler component, affecting an unknown function of the file /boafrm/formReflashClientTbl. The manipulation leads to buffer overflow, allowing remote attacks. The exploit has been disclosed to the public and may be used. **Recommendations** For TOTOLINK EX1200T versions 4.1.2cu.5232 B20210713 and earlier, consider disabling the HTTP POST Request Handler component or restricting access to the /boafrm/formReflashClientTbl file until a patch is available. As a temporary workaround, avoid using the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK EX1200T version 4.1.2cu.5232 B20210713 **Description** A critical issue was found in the HTTP POST Request Handler component, specifically in the file /boafrm/formPortFw. The manipulation of the `service type` argument leads to a buffer overflow. This issue can be exploited remotely. **Recommendations** For TOTOLINK EX1200T version 4.1.2cu.5232 B20210713, as a temporary workaround, consider restricting access to the HTTP POST Request Handler to minimize the risk of exploitation. Avoid using the `service type` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.