What is the CVSS score of CVE-2025-6137?

CVE-2025-6137 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.4%.

Which versions of T10 Firmware are affected by CVE-2025-6137?

A publicly disclosed remote code execution vulnerability affects TOTOLIK T10 routers (version 4.1.8cu.5207), allowing attackers to compromise network infrastructure without authentication.

Is there a public PoC exploit available for CVE-2025-6137?

Yes, a public proof-of-concept exploit is available for CVE-2025-6137. Prioritise patching immediately. EPSS: 0.4%.

How to fix or mitigate CVE-2025-6137?

Within 24 hours: Inventory all TOTOLINK T10 devices in production and isolate affected units from critical networks if possible. Within 7 days: Implement network segmentation to restrict administrative access to these devices, apply WAF rules blocking POST requests to /cgi-bin/cstecgi.cgi with oversized 'desc' parameters, and disable WiFi scheduling features if operationally feasible. Within 30 days: Replace affected devices with patched alternatives or models from vendors with active security support, and conduct network forensics to detect any prior exploitation.

T10 Firmware CVE-2025-6137

EUVD-2025-18439 HIGH

Buffer Overflow (CWE-119)

2025-06-16 cna@vuldb.com

RCE Buffer Overflow TP-Link T10 Firmware TOTOLINK

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 21:59 euvd

EUVD-2025-18439

Analysis Generated

Mar 14, 2026 - 21:59 vuln.today

PoC Detected

Jun 26, 2025 - 16:33 vuln.today

Public exploit code

CVE Published

Jun 16, 2025 - 20:15 nvd

HIGH 8.8

DescriptionNVD

A vulnerability classified as critical has been found in TOTOLINK T10 4.1.8cu.5207. Affected is the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the setWiFiScheduleCfg function in the HTTP POST request handler. An authenticated remote attacker can exploit this vulnerability by manipulating the 'desc' parameter to achieve buffer overflow, resulting in complete compromise of confidentiality, integrity, and availability. A public exploit has been disclosed and the vulnerability is likely actively exploited given its critical CVSS score of 8.8 and low attack complexity.

Technical ContextAI

The vulnerability exists in the TOTOLINK T10 router's CGI-based HTTP request handler (/cgi-bin/cstecgi.cgi). The setWiFiScheduleCfg function fails to properly validate or bound-check user-supplied input in the 'desc' parameter before copying it into a fixed-size buffer, creating a classic stack-based or heap-based buffer overflow condition classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer). This is a common vulnerability class in embedded device firmware where C-based CGI handlers lack modern memory safety protections. The HTTP POST request handler processes administrative configuration requests, making this endpoint a natural attack surface for authenticated users or those who can bypass authentication.