What is the CVSS score of CVE-2025-6138?

CVE-2025-6138 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.6%.

Which versions of T10 Firmware are affected by CVE-2025-6138?

A remote code execution vulnerability affecting TOTOLIK T10 routers (model 4.1.8cu.5207) has been publicly disclosed with working exploits available.

Is there a public PoC exploit available for CVE-2025-6138?

Yes, a public proof-of-concept exploit is available for CVE-2025-6138. Prioritise patching immediately. EPSS: 0.6%.

How to fix or mitigate CVE-2025-6138?

Within 24 hours: Inventory all TOTOLINK T10 devices in your network and isolate affected units from critical systems if possible. Within 7 days: Contact TOTOLINK for patch availability and timeline; evaluate replacement or upgrade options given the lack of current patching. Within 30 days: Implement network segmentation to restrict router management access, deploy IDS/IPS signatures to detect exploitation attempts, and develop a device replacement plan if vendor patch is not released.

T10 Firmware CVE-2025-6138

EUVD-2025-18434 HIGH

Buffer Overflow (CWE-119)

2025-06-16 cna@vuldb.com

Buffer Overflow TP-Link T10 Firmware TOTOLINK

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 21:59 euvd

EUVD-2025-18434

Analysis Generated

Mar 14, 2026 - 21:59 vuln.today

PoC Detected

Jun 20, 2025 - 14:34 vuln.today

Public exploit code

CVE Published

Jun 16, 2025 - 21:15 nvd

HIGH 8.8

DescriptionNVD

A vulnerability classified as critical was found in TOTOLINK T10 4.1.8cu.5207. Affected by this vulnerability is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ssid5g leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the HTTP POST request handler. An authenticated attacker can remotely exploit the setWizardCfg function via the ssid5g parameter to achieve buffer overflow, resulting in complete system compromise including confidentiality, integrity, and availability breaches. Public exploit code has been disclosed and the vulnerability meets criteria for active exploitation risk.

Technical ContextAI

The vulnerability exists in the cstecgi.cgi CGI binary, which processes HTTP POST requests for wireless router configuration. The setWizardCfg function fails to properly validate the length of the ssid5g input parameter before copying it into a fixed-size stack buffer, resulting in a classic stack-based buffer overflow (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer). The affected component handles wireless SSID configuration for 5GHz band settings in the TOTOLINK T10 wireless router. This is a network-facing service running on the device's embedded HTTP server, making it remotely accessible to authenticated users or potentially unauthenticated users depending on authentication bypass conditions.

RemediationAI

Immediate actions: (1) If patched firmware is available from TOTOLINK for T10 model, upgrade immediately via the device's firmware update mechanism or web interface; (2) If no patch exists, restrict network access to the device's HTTP interface using firewall rules, allowing only trusted administrative IPs; (3) Change default credentials and enforce strong passwords to reduce authenticated attack surface; (4) Consider isolating affected T10 devices on a separate administrative network segment; (5) Monitor vendor security advisories at https://www.totolink.net for patch releases. Check TOTOLINK's support page for firmware downloads and security bulletins. As a temporary mitigation, disable remote management features if not required and restrict access to port 80/443 at the network perimeter.