CVE-2026-44089

Totolink · EX1200L

The Totolink EX1200L router contains a buffer overflow in the login functionality, allowing unauthenticated remote attackers to execute arbitrary code as root.

Executive summary

A critical buffer overflow in the Totolink EX1200L login interface allows unauthenticated attackers to execute code as root and gain full control of the device.

Vulnerability

A buffer overflow exists in the cgi-bin/cstecgi.cgi endpoint, which handles login requests. An unauthenticated attacker can send a crafted request to trigger this overflow and execute arbitrary commands with root-level privileges.

Business impact

With a CVSS score of 9.4, this vulnerability allows for total compromise of the router. An attacker gaining root access can intercept network traffic, modify DNS settings, or use the device as an entry point to attack other internal systems, posing a significant risk to the entire network environment.

Remediation

Immediate Action: Update the EX1200L firmware to the latest available version provided by Totolink.

Proactive Monitoring: Monitor the router for unusual activity, such as unexpected outbound connections originating from the device or unexpected changes to its configuration.

Compensating Controls: Disable remote management of the router and restrict access to the web interface to trusted internal IP addresses only.

Exploitation status

Public Exploit Available: No

Analyst recommendation

Given the potential for root-level remote code execution, this vulnerability poses a severe threat to network integrity. Organizations should immediately apply firmware updates and restrict management access to the device to mitigate the risk of unauthorized remote exploitation.