CVE-2025-5909

Name of the Vulnerable Software and Affected Versions TOTOLINK EX1200T versions 4.1.2cu.5232 B20210713 and earlier

Description A critical issue was found in the HTTP POST Request Handler component, affecting an unknown function of the file /boafrm/formReflashClientTbl. The manipulation leads to buffer overflow, allowing remote attacks. The exploit has been disclosed to the public and may be used.

Recommendations For TOTOLINK EX1200T versions 4.1.2cu.5232 B20210713 and earlier, consider disabling the HTTP POST Request Handler component or restricting access to the /boafrm/formReflashClientTbl file until a patch is available. As a temporary workaround, avoid using the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.