CVE-2025-6144: Buffer Overflow in TOTOLINK EX1200T

Severity: High
Type: Vulnerability
CVE: CVE-2025-6144
Published: Mon Jun 16 2025 (06/16/2025, 23:00:14 UTC)
Source: CVE Database V5
Vendor/Project: TOTOLINK
Product: EX1200T

Description

A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formSysCmd of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

AI-Powered Analysis

Last updated: 06/16/2025, 23:19:50 UTC

Technical Analysis

CVE-2025-6144 is a critical buffer overflow vulnerability identified in the TOTOLINK EX1200T router, specifically affecting firmware version 4.1.2cu.5232_B20210713. The vulnerability resides in the HTTP POST request handler component, within the /boafrm/formSysCmd endpoint. An attacker can exploit this flaw by manipulating the 'submit-url' argument in the HTTP POST request, causing a buffer overflow condition. This overflow can lead to arbitrary code execution or denial of service on the affected device. The vulnerability is remotely exploitable without requiring user interaction or prior authentication, which significantly increases the attack surface. The CVSS 4.0 base score is 8.7 (high severity), reflecting the ease of exploitation (network attack vector, low attack complexity), no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. Although no known exploits are currently observed in the wild, the public disclosure of the exploit code increases the risk of imminent attacks. The vulnerability affects a widely deployed consumer and small office/home office (SOHO) router model, which is often used as a gateway device, making it a critical point of compromise for network security.

Potential Impact

For European organizations, the exploitation of this vulnerability could have severe consequences. Compromised TOTOLINK EX1200T routers can allow attackers to gain unauthorized access to internal networks, intercept or manipulate sensitive data, disrupt network availability, or pivot to other internal systems. This is particularly concerning for small and medium enterprises (SMEs) and home office setups that rely on this router model for internet connectivity and may lack robust network security controls. The breach of confidentiality could lead to data leaks, while integrity and availability impacts could disrupt business operations. Additionally, attackers could use compromised routers as part of botnets or launch further attacks against critical infrastructure. Given the remote and unauthenticated nature of the exploit, the threat extends to any organization or individual using the affected firmware version, increasing the risk of widespread exploitation across Europe.

Mitigation Recommendations

1. Immediate firmware upgrade: TOTOLINK should be contacted to obtain a patched firmware version. Organizations must prioritize updating all EX1200T devices to the latest secure firmware once available.
2. Network segmentation: Isolate affected routers from critical internal networks to limit potential lateral movement if exploitation occurs.
3. Disable remote management: If remote HTTP management is enabled on the router, it should be disabled or restricted to trusted IP addresses to reduce exposure.
4. Monitor network traffic: Implement IDS/IPS rules to detect anomalous POST requests targeting /boafrm/formSysCmd or unusual traffic patterns indicative of exploitation attempts.
5. Replace legacy devices: Where possible, phase out TOTOLINK EX1200T routers in favor of models with active vendor support and security updates.
6. User awareness: Educate users about the risks of using outdated router firmware and encourage regular updates.
7. Access control: Enforce strong administrative passwords and consider multi-factor authentication for router management interfaces if supported.

These targeted actions go beyond generic advice by focusing on the specific vulnerable component and attack vector.

Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-06-15T18:29:44.282Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6850a2f8a8c921274384c037

Added to database: 6/16/2025, 11:04:24 PM

Last enriched: 6/16/2025, 11:19:50 PM

Last updated: 7/30/2025, 4:17:53 PM
