Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability was found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This issue affects the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument slaveIpList leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
AnalysisAI
Critical remote buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the setUpgradeFW function in the POST request handler. An authenticated remote attacker can exploit improper input validation on the slaveIpList parameter to achieve complete system compromise with high confidentiality, integrity, and availability impact. The vulnerability has public exploit code available and represents an actively exploitable threat.
Technical ContextAI
The vulnerability exists in the POST request handler component (/cgi-bin/cstecgi.cgi) of TOTOLINK T10 network equipment firmware. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), which encompasses classic buffer overflow conditions. The setUpgradeFW function fails to properly validate or sanitize the length of the 'slaveIpList' argument before copying it into a fixed-size buffer, allowing an attacker to write beyond buffer boundaries. This is a stack or heap-based buffer overflow that can corrupt adjacent memory structures, potentially enabling arbitrary code execution. The vulnerability is triggered through HTTP POST requests to the CGI handler, a common attack surface in embedded network devices.
RemediationAI
Immediate actions: (1) Apply firmware patches from TOTOLINK if available—check TOTOLINK security advisories and product support pages for T10 firmware updates newer than 4.1.8cu.5207; (2) If patches are unavailable, isolate affected T10 devices to trusted networks and restrict administrative access via firewall rules; (3) Implement network segmentation to prevent lateral movement if compromise occurs; (4) Disable unnecessary services and the upgrade function if operationally feasible; (5) Monitor device logs for POST requests to /cgi-bin/cstecgi.cgi with suspicious slaveIpList parameters; (6) Enforce strong authentication credentials on the device if it remains in use; (7) Consider replacing the device with patched alternatives from TOTOLINK or competitive vendors if firmware updates are not available within 30 days. Long-term: Track TOTOLINK security advisories and establish firmware update processes for all network equipment.
More in T10 Firmware
View allA vulnerability classified as critical has been found in TOTOLINK T10 AC1200 4.1.8cu.5207. Rated critical severity (CVSS
Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the WiFi repeater configu
A critical buffer overflow vulnerability exists in TOTOLINK T10 firmware version 4.1.8cu.5207 in the setWiFiMeshName fun
Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the setWiFiAclRules funct
Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the UploadCustomModule fu
Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the HTTP POST request han
Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the setWiFiScheduleCfg fu
A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. Rated high severity (
A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. Rated high severity (
A vulnerability, which was classified as critical, was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/
Privilege escalation and unauthorized file access affects TOTOLINK A7100RU (V7.4), A950RG (V5.9), and T10 (V5.9) routers
A command injection vulnerability in the function recvSlaveUpgstatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-17589