Critical Cybersecurity Flaws Exposed: Act Now!




Recent Cybersecurity Vulnerabilities: TOTOLINK, U-Office Force and IROAD Dash Cam Exposures & Danish Telecom Alert


Stay informed about the latest critical cybersecurity vulnerabilities that threaten network devices and digital infrastructure. In today’s report, we discuss stack-based buffer overflow issues in TOTOLINK devices, critical flaws in U-Office Force from e-Excellence, a remote code execution vulnerability in IROAD dash cams, and rising telecom security concerns in Denmark.

TOTOLINK EX1800T Stack-Based Buffer Overflow Vulnerabilities

Two critical issues have been discovered in TOTOLINK EX1800T devices (up to firmware version 9.1.0cu.2112_B20220316). Both vulnerabilities are rated with a high severity score of 8.8, indicating a significant risk if exploited.

CVE-2025-2370

This vulnerability resides in the function setWiFiExtenderConfig in the file /cgi-bin/cstecgi.cgi. An attacker can manipulate the apcliSsid argument to cause a stack-based buffer overflow. Because the attack can be launched remotely, this flaw could be exploited to compromise affected devices.

CVE-2025-2369

Similarly, the function setPasswordCfg in the same CGI script file is vulnerable to a stack-based buffer overflow if the admpass argument is manipulated. The fact that both vulnerabilities can be remotely exploited underlines the gravity of the situation, prompting urgent measures to secure affected networks.
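As an added example (not code from TOTOLINK or from this report), the sketch below shows how a defender could flag oversized values for the two arguments named above in request records captured by a reverse proxy or WAF in front of the device's management interface. It assumes the request body is JSON with the handler name in a "topicurl" field and uses an assumed 64-byte policy limit for admpass; the 32-byte limit for apcliSsid follows from the 802.11 maximum SSID length.

```python
import json

CGI_PATH = "/cgi-bin/cstecgi.cgi"

# Handler -> (argument named in the advisory, max length in bytes).
LIMITS = {
    "setWiFiExtenderConfig": ("apcliSsid", 32),  # 802.11 caps an SSID at 32 octets
    "setPasswordCfg": ("admpass", 64),           # assumed local policy, not a vendor limit
}

def check_request(path, body):
    """Return findings for one logged request; an empty list means nothing flagged."""
    if path.split("?", 1)[0] != CGI_PATH:
        return []
    try:
        fields = json.loads(body)
    except ValueError:
        return ["body is not valid JSON"]
    if not isinstance(fields, dict):
        return ["body is not a JSON object"]
    topic = fields.get("topicurl")  # assumed name of the handler-selector field
    if not isinstance(topic, str) or topic not in LIMITS:
        return []
    arg, limit = LIMITS[topic]
    value = fields.get(arg)
    if value is None:
        return []
    if not isinstance(value, str):
        return [f"{topic}: {arg} is not a string"]
    size = len(value.encode("utf-8"))
    if size > limit:
        return [f"{topic}: {arg} is {size} bytes, limit {limit}"]
    return []

def scan(records):
    """records: iterable of (source, path, body); returns [(source, finding), ...]."""
    return [(src, f) for src, path, body in records for f in check_request(path, body)]

# Constructed sample records (documentation addresses, made-up values).
SAMPLE = [
    ("192.0.2.10", CGI_PATH, json.dumps({"topicurl": "setWiFiExtenderConfig", "apcliSsid": "HomeNet-5G"})),
    ("198.51.100.7", CGI_PATH, json.dumps({"topicurl": "setWiFiExtenderConfig", "apcliSsid": "A" * 300})),
    ("198.51.100.7", CGI_PATH, json.dumps({"topicurl": "setPasswordCfg", "admpass": "B" * 500})),
    ("192.0.2.10", "/index.html", ""),
]

if __name__ == "__main__":
    for src, finding in scan(SAMPLE):
        print(src, finding)
```

The same length rules can be enforced as a blocking filter rather than an alert where the management interface must remain reachable through a proxy.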

U-Office Force Vulnerabilities in e-Excellence Products

Two additional vulnerabilities have emerged in the U-Office Force suite from e-Excellence, which could allow unauthorised access or code execution, posing a critical security risk.

CVE-2025-2396: Arbitrary File Upload Vulnerability

This vulnerability permits remote attackers with standard user privileges to upload and execute unauthorised web shell backdoors. Such an exploitable weakness can lead to arbitrary code execution, potentially allowing full control over the server hosting the vulnerable application.

CVE-2025-2395: Improper Authentication Vulnerability

This flaw enables unauthenticated remote attackers to abuse a specific API. By manipulating the authentication cookies, adversaries can gain administrator-level access. With a critical severity rating of 9.8, this vulnerability is of utmost concern, as it can provide adversaries with complete administrative control.

IROAD Dash Cam Remote Execution Vulnerability

The IROAD Dash Cam X5 and Dash Cam X6 (up to firmware version 20250308) are affected by another critical vulnerability, tracked as CVE-2025-2345. This issue centres on improper authorisation, which can be exploited remotely, potentially leading to unauthorised remote code execution. Notably, despite early disclosure efforts, the vendor has not yet provided a response or fix for this dangerously exploitable issue.

Danish Telecom Security Alert

In related cybersecurity news, Danish authorities have elevated the telecom security threat level to “high”. The Danish cybersecurity agency has issued an alert regarding increased state-sponsored cyber espionage activities targeting the European telecom sector. Organisations within the industry are being urged to review their security postures in light of these heightened threats to critical infrastructure.

In conclusion, organisations utilising TOTOLINK networking devices, U-Office Force applications, or IROAD dash cams should immediately assess their exposure to these vulnerabilities. Additionally, the heightened cyber espionage risks in the telecom sector call for a comprehensive reassessment of security measures. Stay vigilant and ensure your systems are up-to-date to defend against potential attacks.


Adam Cooke
As the Operations and Compliance Manager, Adam oversees all aspects of the business, ensuring operational efficiency and regulatory compliance. Committed to high standards, he ensures everyone is heard and supported. With a strong background in the railway industry, Adam values rigorous standards and safety. Outside of work, he enjoys dog walking, gardening, and exploring new places and cuisines.