Cyber Resilience

CVE-2025-2097

HighPublic PoC

Published: 07 March 2025

Published
07 March 2025
Modified
03 April 2025
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0674 91.5th percentile
Risk Priority 21 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-2097 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Totolink Ex1800T Firmware. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 8.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

A stack-based buffer overflow vulnerability exists in the TOTOLINK EX1800T wireless router running firmware version 9.1.0cu.2112_B20220316. The flaw resides in the setRptWizardCfg function of /cgi-bin/cstecgi.cgi, where improper handling of the loginpass argument allows an attacker to overwrite the stack. It is tracked as CVE-2025-2097, carries a CVSS 4.0 score of 8.7, and is also associated with CWE-119, CWE-121, and CWE-787.

An authenticated remote attacker can send a crafted HTTP request to the management interface to trigger the overflow. Successful exploitation grants the attacker the ability to execute arbitrary code or crash the device, resulting in high impact to confidentiality, integrity, and availability without requiring user interaction.

Public exploit code has been published on GitHub, and the issue was disclosed through VulDB. The vendor site is referenced in the advisories, yet no specific patch or mitigation guidance is detailed in the available references.

EPSS for this CVE rose from lower values at disclosure to a peak of 0.1522 on 2026-04-16 before receding to the current 0.0674, indicating that exploitation interest increased after the vulnerability became public.

EU & UK References

Vulnerability details

A vulnerability, which was classified as critical, has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This issue affects the function setRptWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument loginpass leads to stack-based buffer overflow. The attack may be initiated…

more

remotely. The exploit has been disclosed to the public and may be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The stack-based buffer overflow in the router's public-facing web CGI (/cgi-bin/cstecgi.cgi) directly enables remote exploitation of a public-facing application for arbitrary code execution, matching T1190.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-2370Same product: Totolink Ex1800T
CVE-2025-2369Same product: Totolink Ex1800T
CVE-2025-1852Same product: Totolink Ex1800T
CVE-2025-2094Same product: Totolink Ex1800T
CVE-2025-2096Same product: Totolink Ex1800T
CVE-2025-2095Same product: Totolink Ex1800T
CVE-2025-12259Same vendor: Totolink
CVE-2025-12241Same vendor: Totolink
CVE-2025-12260Same vendor: Totolink
CVE-2025-12258Same vendor: Totolink

Affected Assets

totolink
ex1800t firmware
9.1.0cu.2112_b20220316

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely flaw remediation requires applying vendor firmware patches to directly eliminate the stack-based buffer overflow in the setRptWizardCfg function of cstecgi.cgi.

prevent

Information input validation enforces bounds checking on the loginpass argument to prevent stack-based buffer overflows from malformed or oversized inputs.

prevent

Memory protection mechanisms such as stack canaries and non-executable memory prevent successful exploitation of the stack buffer overflow for arbitrary code execution.

References