CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
A vulnerability has been found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Analysis
Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the UploadCustomModule function in the POST request handler at /cgi-bin/cstecgi.cgi. An authenticated remote attacker can exploit this vulnerability by manipulating the File argument to achieve buffer overflow, resulting in complete system compromise (confidentiality, integrity, and availability). The vulnerability has public exploit disclosure and represents an immediate threat to affected devices.
Technical Context
This vulnerability exists in the CGI (Common Gateway Interface) request handler component of TOTOLINK T10 wireless router firmware. The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic buffer overflow condition where user-supplied input (the File parameter) is not properly validated or bounded before being written to a fixed-size buffer. The UploadCustomModule function processes POST requests intended for custom module uploads but lacks input length validation. TOTOLINK T10 is identified by CPE: cpe:2.3:o:totolink:t10_firmware:4.1.8cu.5207:*:*:*:*:*:*:*. The vulnerable endpoint /cgi-bin/cstecgi.cgi processes HTTP POST requests with insufficient bounds checking on the File parameter, allowing an attacker to overflow adjacent memory regions and inject arbitrary code or corrupt critical data structures.
Affected Products
TOTOLINK T10 firmware version 4.1.8cu.5207 is confirmed affected. The vulnerability is present in the POST request handler component at /cgi-bin/cstecgi.cgi. Additional firmware versions and TOTOLINK models may be affected but are not explicitly documented in available sources. CPE designation: cpe:2.3:o:totolink:t10_firmware:4.1.8cu.5207:*:*:*:*:*:*:*. Organizations should assume other T10 firmware versions proximate to 4.1.8cu.5207 may be vulnerable pending vendor assessment. No vendor security advisory or patch information is available in provided sources; contact TOTOLINK support or monitor their security portal for updates.
Remediation
Immediate actions:
(1) If a patched firmware version is available, upgrade TOTOLINK T10 to the latest stable release immediately (check TOTOLINK's official firmware download portal).
(2) Until patching is possible, restrict network access to /cgi-bin/cstecgi.cgi via firewall rules or router access control lists (ACLs).
(3) Implement network segmentation to limit administrative access to the router's web interface to trusted internal networks only.
(4) Change default and weak administrative credentials on all TOTOLINK T10 devices (authentication is required but weak credentials are commonly exploited).
(5) Monitor TOTOLINK security advisories at their official website for patch release announcements.
No specific patched firmware version is documented in available sources; contact TOTOLINK technical support ([email protected] or regional support channels) for patch availability and timeline. Legacy devices may not receive patches; consider replacement if no update is forthcoming.
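A log check that supports actions (2) and (3) above, written as an added example; it is not code from this advisory or from TOTOLINK. It reviews logged requests to /cgi-bin/cstecgi.cgi and reports any that arrive from outside the management network or that carry an unusually long File argument to UploadCustomModule. The record layout, the trusted subnet, the length threshold and the request body shape are assumptions, since the page documents none of them.

```python
import ipaddress
import json
from urllib.parse import parse_qs

ENDPOINT = "/cgi-bin/cstecgi.cgi"   # from the advisory
HANDLER = "UploadCustomModule"      # from the advisory
TRUSTED_NETS = [ipaddress.ip_network("192.168.10.0/24")]  # assumption: management subnet
MAX_FILE_ARG_LEN = 128  # assumption: site-chosen alert threshold, not the real buffer size

def parse_body(body):
    """Flatten a JSON-object or form-encoded POST body into a dict of strings."""
    try:
        data = json.loads(body)
        if isinstance(data, dict):
            return {str(k): str(v) for k, v in data.items()}
    except ValueError:
        pass
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}

def review_request(record):
    """Return findings for one logged request (keys: src, method, path, body)."""
    if record["method"] != "POST" or record["path"].split("?")[0] != ENDPOINT:
        return []
    findings = []
    if not any(ipaddress.ip_address(record["src"]) in net for net in TRUSTED_NETS):
        findings.append("cstecgi.cgi reached from outside the management network")
    params = parse_body(record["body"])
    if HANDLER in params.values():  # the field that carries the name is not on the page
        file_len = len(params.get("File", ""))
        if file_len > MAX_FILE_ARG_LEN:
            findings.append(f"{HANDLER} File argument is {file_len} characters long")
    return findings

def scan(log):
    return {i: f for i, rec in enumerate(log) if (f := review_request(rec))}

# Constructed sample records, not captured traffic; "action" is a made-up field name.
SAMPLE_LOG = [
    {"src": "192.168.10.5", "method": "POST", "path": ENDPOINT,
     "body": json.dumps({"action": HANDLER, "File": "module.bin"})},
    {"src": "203.0.113.7", "method": "POST", "path": ENDPOINT,
     "body": json.dumps({"action": HANDLER, "File": "x" * 600})},
    {"src": "203.0.113.7", "method": "GET", "path": "/index.html", "body": ""},
    {"src": "192.168.10.9", "method": "POST", "path": ENDPOINT,
     "body": "action=" + HANDLER + "&File=" + "x" * 300},
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Set the threshold from the longest File value seen in legitimate use on your own devices; it only ranks requests for review and does not indicate the size of the vulnerable buffer.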
EUVD-2025-17591