CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been classified as critical. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Analysis
This is a critical buffer overflow in TOTOLINK T10 firmware version 4.1.8cu.5207, in the setWiFiAclRules function of the POST request handler (/cgi-bin/cstecgi.cgi). An authenticated attacker can exploit it remotely by manipulating the 'desc' parameter to achieve code execution with full system compromise (confidentiality, integrity, and availability impact). A public proof-of-concept exists, which raises real-world exploitation risk even though low-privilege authentication is required.
Technical Context
The vulnerability exists in the TOTOLINK T10 wireless router's web management interface, specifically in the cstecgi.cgi CGI script that handles WiFi access control list (ACL) configuration via HTTP POST requests. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic buffer overflow condition where user-supplied input in the 'desc' parameter is not properly validated for length before being written to a fixed-size stack or heap buffer. The setWiFiAclRules function fails to implement bounds checking, allowing an attacker to overflow the buffer and overwrite adjacent memory structures, potentially leading to arbitrary code execution. This is a memory-safety issue characteristic of C/C++ CGI handlers that accept network-facing input without sanitization.
Affected Products
TOTOLINK T10 firmware version 4.1.8cu.5207. The vulnerable component is /cgi-bin/cstecgi.cgi (POST Request Handler). Inferred CPE: cpe:2.3:o:totolink:t10_firmware:4.1.8cu.5207:*:*:*:*:*:*:*. Related CPE pattern: cpe:2.3:h:totolink:t10:*:*:*:*:*:*:*:*. Firmware versions prior to and including 4.1.8cu.5207 are presumed vulnerable; later versions require confirmation from TOTOLINK vendor advisories. The T10 is a consumer/SOHO wireless router, affecting potentially thousands of end-user and small business networks.
Remediation
Immediate actions:
(1) TOTOLINK users should check for firmware updates beyond version 4.1.8cu.5207 via the device web interface (System Settings > Firmware Upgrade) or TOTOLINK support portal; apply patches immediately upon availability.
(2) Temporary mitigation: restrict access to the router's web management interface (typically port 80/443) to trusted IP addresses only via firewall rules or disable remote administration if not required; change default credentials to strong, unique passwords.
(3) Monitor for suspicious POST requests to /cgi-bin/cstecgi.cgi with setWiFiAclRules parameters.
(4) Consider replacing the device with a vendor that maintains active security updates if TOTOLINK does not release a patched firmware version promptly.
(5) Check TOTOLINK's official security advisory page and CVE/NVD references for patched firmware version numbers when available.
Vendor advisory URL: https://www.totolink.net/ (check security/support section).
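One way to implement the monitoring in action (3), as an added example that is not part of the original advisory or any vendor tooling. It assumes a proxy or WAF that exports each request as a record with method, path and body; the 64-character threshold, the record layout and every field name other than desc are assumptions.

```python
import json
from urllib.parse import parse_qs

CGI_PATH = "/cgi-bin/cstecgi.cgi"
HANDLER = "setWiFiAclRules"
MAX_DESC_LEN = 64  # assumed threshold; the real buffer size is not given on this page

def extract_desc(body):
    """Return the 'desc' value from a JSON or form-encoded body, or None."""
    try:
        obj = json.loads(body)
        if isinstance(obj, dict) and "desc" in obj:
            return str(obj["desc"])
    except ValueError:
        pass  # not JSON; fall through to form decoding
    values = parse_qs(body, keep_blank_values=True).get("desc")
    return values[0] if values else None

def classify(record):
    """Return None for unrelated traffic, else a (severity, reason) tuple."""
    if record.get("method") != "POST" or not record.get("path", "").startswith(CGI_PATH):
        return None
    body = record.get("body", "")
    if HANDLER not in body:  # match the handler name wherever the body carries it
        return None
    desc = extract_desc(body)
    if desc is None:
        return ("info", "handler called without desc")
    if len(desc) > MAX_DESC_LEN:
        return ("alert", f"desc length {len(desc)} exceeds {MAX_DESC_LEN}")
    if not desc.isprintable():
        return ("alert", "desc contains non-printable characters")
    return ("info", "handler called with plausible desc")

# Constructed sample records, not captured traffic. The "topicurl" key is an
# assumed name for the field carrying the handler; classify() does not rely on it.
SAMPLES = [
    {"src": "192.0.2.10", "method": "POST", "path": CGI_PATH,
     "body": json.dumps({"topicurl": HANDLER, "desc": "printer"})},
    {"src": "198.51.100.7", "method": "POST", "path": CGI_PATH,
     "body": json.dumps({"topicurl": HANDLER, "desc": "A" * 600})},
    {"src": "198.51.100.7", "method": "POST", "path": CGI_PATH,
     "body": "topicurl=" + HANDLER + "&desc=" + "B" * 300},
    {"src": "192.0.2.10", "method": "GET", "path": "/index.html", "body": ""},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec["src"], classify(rec))
```

Tune MAX_DESC_LEN against legitimate ACL descriptions seen on your own network before alerting on it.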
EUVD-2025-17612