T10 Firmware CVE-2025-5903 | EUVD-2025-17612

Severity: HIGH (CVSS 3.1 score 8.8)
Weakness: Buffer Overflow (CWE-119)
2025-06-10, cna@vuldb.com

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline (4 events)

EUVD ID Assigned: Mar 14, 2026 - 19:49 (euvd), EUVD-2025-17612
Analysis Generated: Mar 14, 2026 - 19:49 (vuln.today)
PoC Detected: Jun 16, 2025 - 14:29 (vuln.today), public exploit code
CVE Published: Jun 10, 2025 - 00:15 (nvd), HIGH 8.8

Description (NVD)

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been classified as critical. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Analysis (AI)

A critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affects the setWiFiAclRules function in the POST request handler (/cgi-bin/cstecgi.cgi). An authenticated attacker can remotely exploit it by manipulating the 'desc' parameter to achieve code execution with full system compromise (confidentiality, integrity, and availability impact). A public proof-of-concept exists, which raises the real-world exploitation risk even though exploitation requires low-privilege authentication.

Technical Context (AI)

The vulnerability exists in the TOTOLINK T10 wireless router's web management interface, specifically in the cstecgi.cgi CGI script that handles WiFi access control list (ACL) configuration via HTTP POST requests. The root cause is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic buffer overflow condition where user-supplied input in the 'desc' parameter is not properly validated for length before being written to a fixed-size stack or heap buffer. The setWiFiAclRules function fails to implement bounds checking, allowing an attacker to overflow the buffer and overwrite adjacent memory structures, potentially leading to arbitrary code execution. This is a memory safety issue fundamental to C/C++ implementations lacking input sanitization on network-facing CGI handlers.

Remediation (AI)

Immediate actions:

(1) TOTOLINK users should check for firmware updates beyond version 4.1.8cu.5207 via the device web interface (System Settings > Firmware Upgrade) or the TOTOLINK support portal, and apply patches immediately upon availability.
(2) Temporary mitigation: restrict access to the router's web management interface (typically port 80/443) to trusted IP addresses only via firewall rules, or disable remote administration if it is not required; change default credentials to strong, unique passwords.
(3) Monitor for suspicious POST requests to /cgi-bin/cstecgi.cgi with setWiFiAclRules parameters.
(4) Consider replacing the device with one from a vendor that maintains active security updates if TOTOLINK does not release a patched firmware version promptly.
(5) Check TOTOLINK's official security advisory page and the CVE/NVD references for patched firmware version numbers when available.

Vendor advisory URL: https://www.totolink.net/ (check the security/support section).
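One way to implement the monitoring in step (3), given here as an added example that is not part of the advisory or of any vendor tooling. It assumes request bodies are available to the monitor (for instance from a proxy in front of the management interface), that the handler name travels in a `topicurl` field, and a site-chosen 64-byte limit for `desc`; neither the field name nor the limit comes from this page.

```python
import json
from urllib.parse import parse_qs

CGI_PATH = "/cgi-bin/cstecgi.cgi"  # endpoint named in the advisory
HANDLER = "setWiFiAclRules"        # affected function named in the advisory
HANDLER_KEY = "topicurl"           # ASSUMPTION: field carrying the handler name
DESC_MAX = 64                      # ASSUMPTION: review threshold, not the real buffer size


def parse_body(body: bytes) -> dict:
    """Decode a POST body as a JSON object, falling back to form encoding."""
    text = body.decode("utf-8", errors="replace")
    try:
        parsed = json.loads(text)
        if isinstance(parsed, dict):
            return parsed
    except ValueError:
        pass
    return {k: v[-1] for k, v in parse_qs(text, keep_blank_values=True).items()}


def inspect_request(method: str, path: str, body: bytes) -> list:
    """Return the reasons a request deserves review; an empty list means none."""
    if method.upper() != "POST" or path.split("?", 1)[0] != CGI_PATH:
        return []
    fields = parse_body(body)
    if HANDLER not in str(fields.get(HANDLER_KEY, "")):
        return []
    desc = str(fields.get("desc", ""))
    size = len(desc.encode("utf-8"))
    reasons = []
    if size > DESC_MAX:
        reasons.append(f"desc is {size} bytes (limit {DESC_MAX})")
    if any(not ch.isprintable() for ch in desc):
        reasons.append("desc contains non-printable characters")
    return reasons


# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("POST", CGI_PATH, b'{"topicurl":"setWiFiAclRules","desc":"kitchen tablet"}'),
    ("POST", CGI_PATH, json.dumps({"topicurl": HANDLER, "desc": "x" * 300}).encode()),
    ("POST", CGI_PATH, b'{"topicurl":"someOtherHandler"}'),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[1], inspect_request(*sample) or "ok")
```

Tune `DESC_MAX` to the longest description your own administrators actually use, so that legitimate ACL edits stay quiet.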
