CVE-2025-6336

Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1200T version 4.1.2cu.5232 B20210713

Description: A critical issue has been found in the HTTP POST Request Handler component, specifically affecting an unknown function of the file /boafrm/formTmultiAP. The manipulation of the submit-url argument leads to a buffer overflow. This issue can be exploited remotely. The exploit has been publicly disclosed and may be used.

Recommendations: As a temporary workaround, consider disabling the HTTP POST Request Handler or restricting access to the /boafrm/formTmultiAP file until a patch is available. Avoid using the submit-url argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.