CVE-2025-51451

TOTOLINK · EX1200T

A critical authentication bypass vulnerability exists in the TOTOLINK EX1200T range extender firmware, allowing unauthenticated attackers to bypass login via the formLoginAuth.htm endpoint.

Executive summary

A critical authentication bypass vulnerability in TOTOLINK EX1200T firmware allows unauthenticated attackers to gain full administrative access to the device.

Vulnerability

The vulnerability is an unauthenticated authentication bypass flaw involving the formLoginAuth.htm script. An attacker can submit a specific request to this endpoint to bypass the authentication mechanism and interact with the device as an administrator.

Business impact

The CVSS score of 9.8 reflects the severe impact of unauthorized administrative access to network infrastructure. Exploitation allows attackers to manipulate settings, intercept sensitive traffic, or use the device as a foothold for further lateral movement within the connected network.

Remediation

Immediate Action: Upgrade the TOTOLINK EX1200T firmware to the most recent version provided by the manufacturer.

Proactive Monitoring: Review device access logs for suspicious activity or repeated, unexpected access attempts targeting the login authentication scripts.

Compensating Controls: Disable remote management features on the device and ensure that administrative access is restricted to authorized internal network segments.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Due to the high severity of this bypass, organizations should apply the necessary firmware updates immediately. Failure to secure these devices exposes the internal network to unauthorized control and potential data exfiltration.