Skip to main content

T6 Firmware CVE-2025-7460

| EUVDEUVD-2025-21189 HIGH
Buffer Overflow (CWE-119)
2025-07-11 cna@vuldb.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
EUVD ID Assigned
Mar 16, 2026 - 08:18 euvd
EUVD-2025-21189
Analysis Generated
Mar 16, 2026 - 08:18 vuln.today
PoC Detected
Jul 16, 2025 - 14:58 vuln.today
Public exploit code
CVE Published
Jul 11, 2025 - 22:15 nvd
HIGH 8.8

DescriptionCVE.org

A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this vulnerability is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument mac leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

CVE-2025-7460 is a critical buffer overflow vulnerability in the setWiFiAclRules function of TOTOLINK T6 routers (version 4.1.5cu.748_B20211015) that allows authenticated remote attackers to achieve code execution through malformed MAC address parameters in HTTP POST requests. The vulnerability has been publicly disclosed with proof-of-concept availability and poses immediate risk to deployed TOTOLINK T6 devices; exploitation requires valid credentials but no user interaction.

Technical ContextAI

The vulnerability exists in the HTTP POST request handler component (/cgi-bin/cstecgi.cgi) of TOTOLINK T6 firmware. The setWiFiAclRules function fails to properly validate the length of the 'mac' argument before copying it into a fixed-size buffer, resulting in a classic stack-based or heap-based buffer overflow (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer). This is a common firmware vulnerability pattern in embedded networking devices where CGI scripts lack input sanitization. The affected product is a wireless router using a proprietary firmware stack. The vulnerability is triggered through a direct HTTP POST request to the CGI endpoint, making it trivially exploitable once an attacker gains initial authentication access (likely through default credentials, credential compromise, or local network access).

RemediationAI

Immediate remediation steps: (1) If vendor patch available: Check TOTOLINK support site for T6 firmware updates newer than 4.1.5cu.748_B20211015 and apply immediately. (2) If no patch: Implement network segmentation—restrict HTTP/HTTPS access to the router's admin interface to trusted IPs only; change default admin credentials to strong, unique passwords; disable remote administration features if enabled. (3) Monitoring: Log and alert on POST requests to /cgi-bin/cstecgi.cgi with 'setWiFiAclRules' parameters from unexpected sources. (4) Contingency: Consider replacing TOTOLINK T6 devices with alternatives from vendors with active security support if firmware updates are unavailable. Reference vendor advisory at TOTOLINK security portal (if exists); otherwise escalate to vendor for patch timeline.

CVE-2023-7221 CRITICAL POC
9.8 Jan 09

A vulnerability was found in Totolink T6 4.1.9cu.5241_B20210923. Rated critical severity (CVSS 9.8), this vulnerability

CVE-2022-38828 CRITICAL POC
9.8 Sep 16

TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection via cstecgi.cgi. Rated critical severity (CVSS 9.8

CVE-2022-38827 CRITICAL POC
9.8 Sep 16

TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to Buffer Overflow via cstecgi.cgi. Rated critical severity (CVSS 9.8),

CVE-2022-38826 CRITICAL POC
9.8 Sep 16

In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an execute arbitrary command in cstecgi.cgi. Rated critical severity (CV

CVE-2022-38823 CRITICAL POC
9.8 Sep 16

In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow.sample. Rated critical sev

CVE-2022-25084 CRITICAL POC
9.8 Feb 24

TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command injection vulnerability in the "Main" function. Rat

CVE-2022-32053 HIGH POC
7.5 Jul 01

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the functio

CVE-2022-32052 HIGH POC
7.5 Jul 01

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FU

CVE-2022-32051 HIGH POC
7.5 Jul 01

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc, week, sTime, eTime paramete

CVE-2022-32050 HIGH POC
7.5 Jul 01

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the functio

CVE-2022-32049 HIGH POC
7.5 Jul 01

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the url parameter in the function FUN

CVE-2022-32048 HIGH POC
7.5 Jul 01

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the command parameter in the function

Share

CVE-2025-7460 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy