Skip to main content

T10 Firmware CVE-2025-5902

| EUVDEUVD-2025-17589 HIGH
Buffer Overflow (CWE-119)
2025-06-09 cna@vuldb.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
EUVD ID Assigned
Mar 14, 2026 - 19:21 euvd
EUVD-2025-17589
Analysis Generated
Mar 14, 2026 - 19:21 vuln.today
PoC Detected
Jun 16, 2025 - 14:32 vuln.today
Public exploit code
CVE Published
Jun 09, 2025 - 23:15 nvd
HIGH 8.8

DescriptionCVE.org

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This issue affects the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument slaveIpList leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

Critical remote buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the setUpgradeFW function in the POST request handler. An authenticated remote attacker can exploit improper input validation on the slaveIpList parameter to achieve complete system compromise with high confidentiality, integrity, and availability impact. The vulnerability has public exploit code available and represents an actively exploitable threat.

Technical ContextAI

The vulnerability exists in the POST request handler component (/cgi-bin/cstecgi.cgi) of TOTOLINK T10 network equipment firmware. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), which encompasses classic buffer overflow conditions. The setUpgradeFW function fails to properly validate or sanitize the length of the 'slaveIpList' argument before copying it into a fixed-size buffer, allowing an attacker to write beyond buffer boundaries. This is a stack or heap-based buffer overflow that can corrupt adjacent memory structures, potentially enabling arbitrary code execution. The vulnerability is triggered through HTTP POST requests to the CGI handler, a common attack surface in embedded network devices.

RemediationAI

Immediate actions: (1) Apply firmware patches from TOTOLINK if available—check TOTOLINK security advisories and product support pages for T10 firmware updates newer than 4.1.8cu.5207; (2) If patches are unavailable, isolate affected T10 devices to trusted networks and restrict administrative access via firewall rules; (3) Implement network segmentation to prevent lateral movement if compromise occurs; (4) Disable unnecessary services and the upgrade function if operationally feasible; (5) Monitor device logs for POST requests to /cgi-bin/cstecgi.cgi with suspicious slaveIpList parameters; (6) Enforce strong authentication credentials on the device if it remains in use; (7) Consider replacing the device with patched alternatives from TOTOLINK or competitive vendors if firmware updates are not available within 30 days. Long-term: Track TOTOLINK security advisories and establish firmware update processes for all network equipment.

CVE-2024-8162 CRITICAL POC
9.3 Aug 26

A vulnerability classified as critical has been found in TOTOLINK T10 AC1200 4.1.8cu.5207. Rated critical severity (CVSS

CVE-2025-5905 HIGH POC
8.8 Jun 10

Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the WiFi repeater configu

CVE-2025-5904 HIGH POC
8.8 Jun 10

A critical buffer overflow vulnerability exists in TOTOLINK T10 firmware version 4.1.8cu.5207 in the setWiFiMeshName fun

CVE-2025-5903 HIGH POC
8.8 Jun 10

Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the setWiFiAclRules funct

CVE-2025-5901 HIGH POC
8.8 Jun 09

Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the UploadCustomModule fu

CVE-2025-6138 HIGH POC
8.8 Jun 16

Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the HTTP POST request han

CVE-2025-6137 HIGH POC
8.8 Jun 16

Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the setWiFiScheduleCfg fu

CVE-2024-8577 HIGH POC
8.7 Sep 08

A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. Rated high severity (

CVE-2024-8576 HIGH POC
8.7 Sep 08

A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. Rated high severity (

CVE-2024-8573 HIGH POC
8.7 Sep 08

A vulnerability, which was classified as critical, was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/

CVE-2025-44655 CRITICAL
9.8 Jul 21

Privilege escalation and unauthorized file access affects TOTOLINK A7100RU (V7.4), A950RG (V5.9), and T10 (V5.9) routers

CVE-2022-25137 CRITICAL
9.8 Feb 19

A command injection vulnerability in the function recvSlaveUpgstatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3

Share

CVE-2025-5902 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy