CVE 9.4 CRITICAL

Buffer Overflow in Totolink EX1200L router_CVE-2026-44089

June 23, 2026 invoker category_cve

9.4 / 10

CRITICAL

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

Totolink EX1200L router is vulnerable to Buffer Overflow in the login functionality in cgi-bin/cstecgi.cgi endpoint. This vulnerability could be exploited to cause the program to crash and to execute code remotely. This allows the attacker to perform actions as root including reading and editing data, as well as bricking the router.

Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 9.3.5u.6146_B20201023 but may also affect other versions.

AI Analysis

Buffer Overflow vulnerability in Totolink EX1200L router's login functionality, allowing remote code execution and root access.

Basic Information

ID CVE-2026-44089

Source CERT-PL

Published Jun 23, 2026 at 12:08

Affected Product

Vendor Totolink

Product EX1200L

Version 9.3.5u.6146_B20201023

Affected Versions Totolink EX1200L 9.3.5u.6146_B20201023

CWE Classification

CWE-121

AI Assessment

AI Score 9.4 / 10

AI Severity Critical

Vendor Totolink

Product EX1200L

Version 9.3.5u.6146_B20201023

References

{
    "lastseen": "",
    "description": "Totolink\u00a0EX1200L router is vulnerable to Buffer Overflow in the login functionality in\u00a0cgi-bin/cstecgi.cgi endpoint.\u00a0This vulnerability could be exploited to cause the program to crash and to execute code remotely. This allows the attacker to perform actions as root including reading and editing data, as well as bricking the router.\n\nBecause vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 9.3.5u.6146_B20201023 but may also affect other versions.",
    "published": "2026-06-23T12:08:09.508Z",
    "modified": "2026-06-23T12:08:09.508Z",
    "type": "cve",
    "title": "Buffer Overflow in Totolink EX1200L router",
    "source": "CERT-PL",
    "references": "https://cert.pl/en/posts/2026/06/CVE-2026-44089\nhttps://www.totolink.net/home/menu/detail/menu_listtpl/download/id/217/ids/36.html",
    "id": "CVE-2026-44089",
    "bulletinFamily": "",
    "cwe": [
        "CWE-121"
    ],
    "cvelist": null,
    "sourceData": "Totolink EX1200L 9.3.5u.6146_B20201023",
    "sourceHref": "",
    "cvss": {
        "score": 9.4,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EX1200L",
    "version": "9.3.5u.6146_B20201023",
    "vendor": "Totolink",
    "ai_description": "Buffer Overflow vulnerability in Totolink EX1200L router's login functionality, allowing remote code execution and root access.",
    "ai_severity": "Critical",
    "ai_vendor": "Totolink",
    "ai_product": "EX1200L",
    "ai_version": "9.3.5u.6146_B20201023",
    "ai_score": 9.4
}

💭 Join the Security Discussion ❌ Cancel Reply