How to fix CVE-2025-5905?

Within 24 hours: Inventory all TOTOLINK T10 devices running version 4.1.8cu.5207 and isolate affected units from production networks if business-critical. Within 7 days: Implement WAF rules blocking POST requests to /cgi-bin/cstecgi.cgi with suspicious password parameters, restrict administrative access to these devices via network segmentation, and disable WiFi repeater functionality if not actively used. Within 30 days: Contact TOTOLINK for patch availability; if no patch is released, plan replacement with alternative vendor equipment with active security support, or maintain devices in isolated network segments with continuous monitoring.

Is T10 Firmware affected by CVE-2025-5905?

A critical remote code execution vulnerability affects TOTOLIK T10 routers (version 4.1.8cu.5207) through a buffer overflow in the WiFi repeater configuration function.

CVE-2025-5905

EUVD-2025-17608 HIGH

2025-06-10 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 19:49 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 19:49 euvd

EUVD-2025-17608

PoC Detected

Jun 16, 2025 - 14:21 vuln.today

Public exploit code

CVE Published

Jun 10, 2025 - 00:15 nvd

HIGH 8.8

Description

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been rated as critical. Affected by this issue is the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument Password leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Analysis

Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the WiFi repeater configuration function. An authenticated remote attacker can exploit this vulnerability by sending a malicious POST request with an oversized Password parameter to /cgi-bin/cstecgi.cgi, achieving complete compromise of the device including arbitrary code execution. Public disclosure and proof-of-concept code availability significantly elevate real-world risk despite requiring authenticated access.

Technical Context

The vulnerability exists in the setWiFiRepeaterCfg function within the POST Request Handler component of TOTOLINK's web interface. The root cause is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), indicating inadequate input validation and buffer bounds checking on the Password parameter. The affected component is a CGI script (/cgi-bin/cstecgi.cgi) that processes HTTP POST requests for WiFi repeater configuration. TOTOLINK T10 is a wireless router/repeater device running firmware version 4.1.8cu.5207. The buffer overflow occurs because the application fails to properly validate the length of user-supplied input before copying it into a fixed-size buffer, allowing stack or heap corruption depending on the buffer location.

Affected Products

T10 (['4.1.8cu.5207'])

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.6

CVSS: +44

POC: +20

CVE-2025-5905 vulnerability details – vuln.today

Back

CVE-2025-5905

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

CVE-2025-5905

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

External POC / Exploit Code