CVE-2025-51451
TOTOLINK · EX1200T
A critical authentication bypass vulnerability exists in the TOTOLINK EX1200T range extender firmware, allowing unauthenticated attackers to bypass login via the formLoginAuth.htm endpoint.
Executive summary
A critical authentication bypass vulnerability in TOTOLINK EX1200T firmware allows unauthenticated attackers to gain full administrative access to the device.
Vulnerability
The vulnerability is an unauthenticated authentication bypass flaw involving the formLoginAuth.htm script. An attacker can submit a specific request to this endpoint to bypass the authentication mechanism and interact with the device as an administrator.
Business impact
The CVSS score of 9.8 reflects the severe impact of unauthorized administrative access to network infrastructure. Exploitation allows attackers to manipulate settings, intercept sensitive traffic, or use the device as a foothold for further lateral movement within the connected network.
Remediation
Immediate Action: Upgrade the TOTOLINK EX1200T firmware to the most recent version provided by the manufacturer.
Proactive Monitoring: Review device access logs for suspicious activity or repeated, unexpected access attempts targeting the login authentication scripts.
Compensating Controls: Disable remote management features on the device and ensure that administrative access is restricted to authorized internal network segments.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Due to the high severity of this bypass, organizations should apply the necessary firmware updates immediately. Failure to secure these devices exposes the internal network to unauthorized control and potential data exfiltration.