Overview

The TOTOLINK NR1800X, a commonly used router, has been discovered to have a significant security vulnerability, identified as CVE-2025-45844. This weakness makes it possible for attackers to trigger a stack overflow by sending a maliciously crafted SSID parameter in the setWiFiBasicCfg function. This vulnerability affects all devices using the TOTOLINK NR1800X V9.1.0u.6681_B20230703 firmware. The impact of this vulnerability could be high, allowing potential system compromise or data leakage, which could lead to unauthorized access to sensitive information or disruption of service.

Vulnerability Summary

CVE ID: CVE-2025-45844
Severity: High (8.8 CVSS Score)
Attack Vector: Network
Privileges Required: Low
User Interaction: Required
Impact: Potential system compromise and data leakage

Affected Products

Product | Affected Versions

TOTOLINK NR1800X | V9.1.0u.6681_B20230703

How the Exploit Works

The exploit takes advantage of a lack of proper input validation in the setWiFiBasicCfg function of the TOTOLINK NR1800X firmware. By sending an exceptionally long SSID parameter, an attacker can trigger a stack overflow, overwriting memory and potentially allowing the execution of arbitrary code with the privileges of the currently logged in user.

Conceptual Example Code

Here is a conceptual example of a malicious HTTP request that could exploit this vulnerability:

POST /setWiFiBasicCfg HTTP/1.1
Host: target.router.ip
Content-Type: application/x-www-form-urlencoded
Cookie: sessionid=<valid session id>
ssid=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA...

In this example, “AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA…” represents a string that is long enough to trigger a stack overflow in the setWiFiBasicCfg function.
Please note that this is a simplified example. In a real-world scenario, an attacker would likely use a carefully crafted payload to overwrite specific parts of the stack to gain control over the execution flow of the program.