CVE-2025-6137

Sažetak

A vulnerability classified as critical has been found in TOTOLINK T10 4.1.8cu.5207. Affected is the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Reference

https://candle-throne-f75.notion.site/TOTOLINK-T10-setWiFiScheduleCfg-20ddf0aa11858053a171f052787c202f
https://vuldb.com/?ctiid.312606
https://vuldb.com/?id.312606
https://vuldb.com/?submit.592911
https://www.totolink.net/

CVSS

Base:	9.0
Impact:	10.0
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

16-06-2025 - 20:15

Objavljeno

16-06-2025 - 20:15