CVE-2025-6568

Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1200T version 4.1.2cu.5232 B20210713

Description: A critical vulnerability has been found in the HTTP POST Request Handler of the TOTOLINK EX1200T. The issue is related to an unknown function of the file /boafrm/formIpv6Setup. The manipulation of the submit-url argument leads to a buffer overflow. This can be exploited remotely. The exploit has been disclosed to the public.

Recommendations: For TOTOLINK EX1200T version 4.1.2cu.5232 B20210713, consider disabling the HTTP POST Request Handler or restricting access to the /boafrm/formIpv6Setup file until a patch is available. Avoid using the submit-url argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.